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Securely.  Say  yes  to  users  who  need  to  work 
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Smarter  technology  for  a  Smarter  Planet: 

.  ■  Jo . '  golc:, 

It  means  that  the  futures  contract  for  that  gold  can  trade  instantly  and  more  securely.  The  Dubai  Gold  &  Commodities  | 
Exchange  (DGCX)  has  maintained  their  complex  network  of  worldwide  members  for  four  years  without  a  single  2 
security  breach  due  to  malware,  and  without  any  unplanned  downtime.  The  DGCX  worked  with  IBM  Security 
Solutions  to  help  implement  an  intrusion  prevention  system  that  builds  security  into  every  aspect  of  their  online  J 
trading  services  and  proactively  adapts  to  ever-evolving  threats.  A  smarter  business  is  built  on  smarter  software, 
systems  and  services. 

Let’s  build  a  smarter  planet,  ibm.com/exchange 
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APPLICATIONS 


Enterprise  App  Stores:  A  Good  Idea? 


SHOULD  EMPLOYEES  be  able  to  down¬ 
load  enterprise  applications  just  like 
smartphone  users  download  consum¬ 
er  software  from  online  app  stores? 
That’s  a  question  some  IT  shops  and 
software  vendors  are  pondering,  according 
to  a  Jan.  10  blog  post  by  Gartner  Inc.  analyst 
Dennis  Gaughan. 

He  said  that  an  enterprise  app  store  could 
help  IT  deploy  and  maintain  corporate  apps 
more  easily  while  tracking  downloads  and 
usage  trends.  “It’s  a  very  compelling  idea, 
one  that  software  vendors  and  service  pro¬ 
viders  are  thinking  about  to  help  sell  more 
software  and/or  services,”  he  added. 

“The  idea  has  legs,”  Gaughan  concluded, 
but  he  cautioned  that  there  are  big  hurdles 
to  overcome  because  of  the  differences 
between  heavy-duty  enterprise  apps  and 


inexpensive  smartphone  apps: 

■  Unlike  Apple  Inc.’s  popular  App  Store, 
where  one  company  controls  everything 
except  code  development,  an  enterprise  app 
store  would  have  to  deal  with  a  wide  variety 
of  technologies  and  vendors.  “It  would 
also  require  a  level  of  cooperation  between 
vendors  that,  to  say  the  least,  has  been  dif¬ 
ficult  to  achieve,”  Gaughan  said. 

■  Smartphone  apps  work  independently, 
whereas  enterprise  apps  (like  order 
management  and  logistics)  need  to 
work  together  and  share  data. 

■  An  enterprise  app  store  would 
need  a  standardized  approach  to  provision¬ 
ing,  billing  and  maintenance  for  all  of  the 
store’s  software,  while  IT  would  have  to 
ensure  compliance  with  licensing  terms. 

-  Mitch  Betts 
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SECURITY  MONITOR 

Intrusion  Tools 
Getting  Better 
But  Need  Tuning 

The  latest  tests  of  intrusion- 
protection  systems,  which  are  used 
to  defend  corporate  networks  from 
external  threats,  show  that  they’re 
improving  but  are  far  from  perfect. 

NSS  Labs  Inc.  tested  13  IPS  prod¬ 
ucts  from  11  vendors  in  the  fourth 
quarter  of  2010.  At  default  settings 
for  protecting  against  malware 
exploits,  the  systems  caught  62% 
of  the  attacks  on  average,  up  from 
45%  in  2009. 

In  their  default  modes,  McAfee 
Inc.’s  M-8000  and  Cisco  Systems 
Inc.’s  IPS  4260  Sensor  were  the  best 
at  blocking  attacks  against  desktop 
applications,  with  effectiveness 
rates  of  94.5%  and  91.8%,  respec¬ 
tively,  in  NSS’s  tests. 

When  engineers  from  the  com¬ 
panies  were  allowed  to  “tune’’ 
their  products,  or  add  more  rules 
designed  to  catch  specific  types  of 
attacks,  the  13  IPS  products  had 
substantially  higher  success  rates. 

Some  products  had  effectiveness 
rates  as  low  as  31%  at  the  default 
settings.  “There’s  a  big  difference 
between  the  default  and  the  tuned 
for  many  vendors,"  said  Rick  Moy, 
president  of  NSS  Labs. 

The  11  vendors  voluntarily  submit¬ 
ted  their  products 
for  the  free  test¬ 
ing,  but  nine  other 
vendors  declined, 
said  Moy.  “The  vendors  who  had 
confidence  in  their  products  wanted 
to  participate,”  he  said. 

-  JEREMY  KIRK, 
IDG  NEWS  SERVICE 
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means 


It  means  doctors  in  Ethiopia  will  be  able  to  instantly  compare  this  blood  sample  to  over  41,000  HIV  treatment 
histories  to  help  their  patients  receive  the  best  treatment  regimen  possible.  The  EuResist  Network  is  helping 
/  doctors  predict  patient  response  to  various  HIV  treatments  with  over  78%  accuracy— outperforming  9  out  of  10 
.  '  '  hurtian  experts  in  a  recent  study.  The  tool  is  built  on  an  IBM  analytics  solution  that  integrates  a  variety  of  disparate 


/  databases  onto  a  flexible  IBM  DB2®  platform  to  process  complex  metadata  more  effectively  than  anything  else 
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BETWEEN  THE  LINES 

By  John  Klossner 


ENTERPRISE  APPLICATIONS 

Users  Hit  ‘Pause’  on  ERP  Investments 


THENUMBERof  companies  planning 
to  invest  in  their  ERP  systems  will 
drop  slightly  this  year,  according  to  a 
Forrester  Research  Inc.  report,  even 
as  IT  spending  overall  is  expected  to  rise. 

One  quarter  of  roughly  900  companies 
surveyed  by  Forrester  plan  to  upgrade,  expand 
or  implement  an  ERP  system,  down  from  29% 
in  a  study  last  year,  according  to  the  report  by 
analyst  Paul  Hamerman. 

Overall,  72%  are  “in  a  holding  pattern  for 
2011,  with  plans  to  stand  pat  or  no  specific 
plans  to  invest  in  ERP,”  Hamerman  wrote. 

Roughly  half  of  ERP  customers  are  running 
product  releases  that  are  two  versions  behind 
the  current  one,  according  to  the  report.  But 
expiring  support  windows  and  related  price 
increases  will  spur  more  upgrades  over  time. 

Still,  overall  the  ERP  market  has  rebounded 
well  from  its  “disastrous”  2009,  according  to 
Hamerman’s  report. 

ERP  vendors  will  continue  to  roll  out  new 
features  and  functionality,  although  many 


customers  may  not  adopt  them  for  some  time. 
Those  features  include  cloud-based  deployment 
options,  mobile  applications  and  embedded 
business  process  modeling,  Hamerman  said. 

One  of  the  most  significant  ERP  product 
launches,  Oracle  Corp.’s  Fusion  Applications, 
is  expected  to  happen  this  quarter. 

Perhaps  with  one  eye  on  the  economy, 
Oracle  has  set  modest  public  expectations  for 
user  adoption  of  the  long-delayed  software, 
which  is  supposed  to  combine  the  best  attri¬ 
butes  of  the  company’s  various  ERP  lines  into 
a  next-generation  suite. 

Fusion  Applications  will  be  available  in 
modules  to  be  deployed  either  on-premises  or 

in  the  cloud.  Oracle  said  the  modules  can  be 

* 

rolled  out  at  the  customer’s  own  pace. 

Also  this  year,  SAP  AG  is  expected  to 
release  of  a  series  of  software-as-a-service  ap¬ 
plications  that  act  as  extensions  of  its  on¬ 
premises  ERP  systems,  as  well  as  mobile  soft¬ 
ware  obtained  from  its  acquisition  of  Sybase. 

-  Chris  Kanaracus,  IDG  News  Service 


ABI  Research  estimates 
that  more  than 

7  trillion 

S  text  messages  will  be 
sent  worldwide  this  year. 


THINK  TANK 

Bl  Tools  Can 
Help  Evaluate 
Green  Programs 

We  usually  think  of  “green  IT”  as 
making  data  centers  more  energy 
efficient.  But  there’s  another  form 
of  green  IT  emerging:  the  use  of 
business  intelligence  systems  to 
analyze  data  about  a  company’s 
progress  in  meeting  its  environ¬ 
mental  goals. 

Deloitte  Consulting  LLP  called  it 
“sustainability  analytics”  in  a  report 
released  late  last  year. 

"Through  analytics,  leaders  can 
obtain  the  fact-based  guidance  they 
need  to  make  informed  decisions 
about  how  their  organizations  ap¬ 
proach  sustainability  and  climate 
change  issues,”  the  report  said. 

For  example,  managers  could 
analyze  data  to  determine  which 
of  their  sustainability  initiatives  are 
actually  achieving  their  intended 
goals,  and  to  allocate  resources 
to  efforts  that  have  the  greatest 
likelihood  of  satisfactory  returns, 
Deloitte  said. 

The  report  cited  one  unnamed 
company  that  tracks  metrics  at  80 
global  facilities  and  was  able  to  spot 
“facilities  that  consumed  conspicu¬ 
ously  large  amounts  of  energy,  as 
well  as  those  where  the  cost  of  trav¬ 
el  per  employee  was  much  higher 
than  average.”  The  company  then 
took  actions  that  saved  money  and 
reduced  its  carbon  footprint. 

-  MITCH  BETTS 
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Rely  on  one  network  right 
where  your  team  needs  it 

Sprint  Global  MPLS  gives  you  the  upper  hand  by  converging  voice, 
video  and  data  on  a  single  IP-based  network.  Sprint  Global  MPLS  also 
gives  you  best-in-class  network  performance,  with  industry-leading 
SLAs  and  Class  of  Service  at  no  additional  charge  to  get  you  started. 
1-866-653-1056  sprint.com/convergence 


The  Now  Network " 


Winner  of  the  Frost  &  Sullivan  North  American  Product  Leadership  Award 

for  MPLS  Service  Level  Agreements  for  Business  Customers-2010 
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NEWS  ANALYSIS 


Congress  Set  to 
Debate  Tech  Issues 

Analysts  expect  a  divided  Congress  to  come  together 
to  tackle  targeted  cybersecurity,  skilled  immigration 
and  other  tech-related  bills  this  year.  By  Grant  Gross 


THOUGH  THE  NEW  CONGRESS  comes  in  with  plans  to 
focus  on  the  budget  and  social  issues,  analysts  expect 
that  legislators  will  also  take  on  key  technology  con¬ 
cerns,  albeit  with  scaled-back  legislation. 

The  session  of  Congress  that  started  this  month 
finds  Democrats  in  control  of  the  Senate  and  Republicans 
holding  a  majority  in  the  House  of  Representatives  —  a  situa¬ 
tion  that  is  expected  to  make  for  a  contentious  period  leading  up 
to  next  year’s  elections.  But  analysts  say  that  some  tech  topics 
haven’t  faced  partisan  debate  in  recent  years  and  thus  agree¬ 
ments  could  be  reached  on  select  pieces  of  legislation. 

Congress  should  have  a  window  of  six  to  eight  months  to 
tackle  some  key  tech  issues  before  lawmakers’  attention  turns 
to  the  2012  election  cycle,  said  Dean  Garfield,  president  and  > 
CEO  of  the  Washington-based  Information  Technology  Industry 


Council,  a  technology  trade  group. 

“I  think  there’s  a  real  opportunity  to  get 
some  meaningful  [technology]  legislation 
passed,”  he  said,  though  he  acknowledged 
that  the  focus  will  likely  be  on  bills  targeting 
narrow  concerns  rather  than  wide-ranging 
issues.  “I  think  the  chance  of  having  a  compre¬ 
hensive  anything  in  2011  with  this  Congress  is 
slim  to  none,”  he  added. 

Targeted,  scaled-back  tech-focused  bills 
could  have  “the  dual  benefit  of  being  non¬ 
partisan  and  fitting  within  the  first  priority  of 
Democrats,  Republicans,  House  and  Senate 
and  the  [Obama]  administration,  which  is  get 
the  economy  back  on  track  and  create  jobs,” 
Garfield  said. 

For  example,  while  comprehensive  cyber¬ 
security  legislation  is  unlikely  to  pass  through 
Congress,  smaller  pieces,  such  as  a  scaled-down 
data-breach  notification  bill  or  funding  for 
cybersecurity  research,  have  a  chance  at  becom¬ 
ing  law  in  this  session,  said  Charlie  Greenwald, 
vice  president  of  communications  at  TechAmeri- 
ca,  a  Washington-based  technology  trade  group. 

Technology  policy  experts  also  expect  that 
Congressional  Republicans  will  push  to  repeal 
the  December  Federal  Communications 
Commission  vote  to  approve  Net  neutrality 
rules  that  prohibit  broadband  providers  from 
blocking  customer  access  to  legal  Web  content. 
Rep.  Marsha  Blackburn  (R-Tenn.)  has  already 
introduced  legislation  that  would  strike  down 
the  new  Net  neutrality  rules. 

The  push  to  repeal  the  ruling,  which  was 
criticized  by  both  business  and  consumer 
groups,  is  likely  to  stall  either  in  the  Senate  or 
the  White  House,  experts  said. 

Other  tech-related  agenda  items  that  could 
move  forward  this  year  include  a  revamp  of  the  25-year-old  Elec¬ 
tronic  Communications  Privacy  Act,  reform  of  skilled-immigration 
programs,  corporate  tax  changes  that  would  affect  many  technol¬ 
ogy  firms,  measures  affecting  wireless  spectrum  for  public  safety 
agencies,  and  a  free-trade  agreement  with  South  Korea. 

Meanwhile,  experts  anticipate  that  any  bills  looking  to  provide 
consumers  with  more  control  over  tracking  by  online  advertis¬ 
ing  networks  and  Web  sites  are  probably  doomed  to  fail  in  a 
Republican-controlled  House  of  Representatives. 

Last  year,  members  of  the  House  Energy  and  Commerce  Com¬ 
mittee  introduced  legislation  that  would  have  allowed  consumers 
to  opt  out  of  Web  tracking  efforts,  but  Republicans  sided  with 
several  advertising  and  business  groups  that  opposed  the  bill. 
Thus,  chances  of  similar  legislation  passing  in  2011  are  small.  ♦ 
Gross  is  a  reporter  for  the  IDG  News  Service. 


f  :fc’ ,  I  think  there's  a  real  opportunity  to  get  some  meaningful  [technology]  legislation  passed. 

:i  -H  GARFtE  l.t‘  PRESIDENT  AND  CEO.  INFORMATION  TECHNOLOGY  INDUSTRY  COUN 
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There’s  no 
Technology 
like  Business 
Technology. 
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Punch  cords,  floppy  disk  and  data  processing.  Will  'information  technology'  soon  be  another  of  these  outdated  terms?  It  is 
increasingly  clear  that  we  need  to  become  acquainted  with  a  fresh  term:  Business  Technology. 


Innovative  thinking  and  technology  have  already  led  to  a 
step  change  in  the  way  business  is  done  in  the  21st  century. 
Procurement  has  evolved  into  Supply  Chain  Management, 
sales  teams  are  now  supported  by  Customer  Relationship 
Management  and  sales  campaigns  are  now  supplemented 
by  Social  Media  Marketing.  Common  to  these  developments 
are  the  powerful  tools  required  to  assist  management  and 
employees  in  order  to  efficiently  control  global  work  processes. 

Regardless  of  the  type  of  enterprise  or  government  body, 
organizations  that  fail  to  employ  the  very  latest  technologies 
and  services  will  not  be  able  to  compete  in  the  longer  term. 

A  media  company  that  isn't  familiar  with  the  latest  iPad  and 
Android  applications,  an  industry  player  that  doesn't  have  a 
firm  grip  on  its  manufacturing  chain,  or  a  utility  company  that 
isn't  up  to  date  on  the  topic  of  smart  grids  -  will  find  it  difficult 
to  both  operate  cost  effectively  and  continue  to  grow  their 
customer  bases. 

It  has  become  extremely  difficult  to  gain  a  general 
understanding  of  the  huge  range  of  technology  and  services 
available,  let  alone  the  detailed  information  regarding  these 
solutions.  Despite  trade  journals  and  fairs,  very  few  managers 
can  boast  that  they  still  have  a  complete  and  up-to-date 
picture,  even  within  their  own  field  of  expertise. 

The  people  who  are  thriving  on  the  challenge  have  two  key 
areas  of  competence.  First,  deep  industry  know-how  about 
the  internal  processes  and  needs  of  customers,  partners 
and  suppliers.  In  short:  Business.  Second,  the  ability  to 
understand  and  shape  the  technological  landscape,  the 
interaction  of  the  components  and  the  transformation  to 
the  state-of-the-art  technologies  and  trends,  such  as  cloud 
computing  and  app-based  business  models. 

In  short:  Technology. 

The  reality  is  there  are  thousands  of  individuals  drawing  on 
a  unique  understanding  of  a  wide  range  of  industries  and 
practicing  Business  Technology  day  in,  day  out. 


Siemens  IT  Solutions  and  Services,  one  of  the  world's  largest 
outsourcers  and  providers  of  industry-specific  solutions,  has 
recognized  the  growing  importance  of  Business  Technology  and 
is  backing  it  as  the  future  of  its  industry.  The  team  at  Siemens 
are  such  passionate  exponents  of  Business  Technology  that  they 
call  themselves  the  Business  Technologists. 


Christian  Oecking,  Chairman  of 


■ 


the  Managing  Board  of  Siemens  IT 
Solutions  and  Services,  describes  his 
people  and  why  the  company  has 
made  such  a  defining  statement: 

Our  people  can  talk  on  equal  terms 
with  IT  specialists  as  well  as  business 
|  leaders  and  process  managers.  They 
can  look  at  businesses  from  both 
|  an  economic  and  a  technological 
perspective. 

They  supply  technological  answers  to  industry-specific 
questions  and  they  implement  comprehensive  and  concrete 
technological  solutions  from  a  strong  partner  ecosystem 
that  help  our  customers  deliver  on  their  business  strategy. 
The  customer  landscape  demands  Business  Technology  and 
we  are  ready  to  deliver  it  like  no  other  company.  That's  why 
we  are  the  Business  Technologists." 


f 
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Contact: 

Siemens  IT  Solutions  and  Services,  Inc 
101  Merritt  7  06851 
Norwalk,  CT 
Tel.  203-642-2300 

E-mail: 

corporate.communications.us.it-solutions@siemens.com 
Further  information:  www.usa.siemens.com/it-solutions 


NEWS  ANALYSIS 


Exec  Exits  Bad  News 
For  Microsoft  Techies 

Microsoft  watchers  say  the  loss  of  Muglia  and 
others  could  prove  to  be  a  burden  to  the  company’s 
technical  staff.  By  Gregg  Keizer  and  Joab  Jackson 


THE  DEPARTURES  of  Bob  Muglia  and  other  executives 
from  Microsoft  Corp.  could  be  a  troubling  sign  for  the 
software  vendor,  because  many  of  those  involved  in  the 
exodus  were  held  in  high  esteem  by  the  company’s  tech¬ 
nical  talent,  industry  observers  say. 

Muglia,  a  23-year  Microsoft  veteran  who’s  slated  to  step  down 
as  president  of  the  company’s  lucrative  Server  and  Tools  Business 
(STB)  this  summer,  will  be  the  latest  in  a  wave  of  top  executives  to 
leave  the  software  giant  in  recent  months. 

In  just  over  a  year,  Microsoft  has  lost  Chief  Software  Architect 
Ray  Ozzie;  Stephen  Elop,  the  Office  group’s  president;  Robbie  ' 
Bach,  president  of  the  entertainment  division;  Chief  Financial 


Officer  Chris  Liddell;  and  now  Muglia. 

“What  worries  me  is  the  loss  of  these 
long-term  people  —  people  who  had  the 
respect  of  the  technical  community  inside 
Microsoft,”  said  Rob  Helm,  an  analyst  at 
Directions  on  Microsoft,  a  Kirkland,  Wash.- 
based  research  firm.  “That  was  especially 
true  of  Muglia.  His  departure  will  be  a  real 
burden  to  that  part  of  Microsoft.”  Engineer¬ 
ing  groups  “felt  [Muglia]  was  someone  who 
heard  them,”  Helm  added. 

Don  Dodge,  a  former  Microsoft  evangelist 
who  was  laid  off  in  2009  and  then  joined 
Google  as  a  developer  advocate,  said  in  his 
personal  blog  that  “losing  Muglia,  Robbie 
Bach,  Steve  Elop,  Ray  Ozzie,  Chris  Liddell, 
Kevin  Johnson,  Jeff  Raikes  and  other  senior 
execs  is  devastating.” 

Johnson  was  president  of  Microsoft’s  plat¬ 
form  and  services  group,  and  Raikes  once 
led  the  Office  unit;  both  left  in  2008. 

In  a  memo  to  Microsoft  employees  an¬ 
nouncing  the  latest  departure  earlier  this 
month,  CEO  Steve  Ballmer  touted  Muglia’s 
considerable  accomplishments  in  building 
STB  into  a  $15  billion-a-year  operation. 

However,  Ballmer  also  hinted  that  chang¬ 
ing  the  group’s  leadership  might  be  the  best 
move  for  the  future  of  the  business,  which  is 
responsible  for  Microsoft’s  development  and 
infrastructure  products,  including  Microsoft 
Windows  Server,  SQL  Server,  Visual  Studio 
and  System  Center. 

“Bob  Muglia  and  I  have  been  talking 
about  the  overall  business  and  what  is 
needed  to  accelerate  our  growth,”  Ballmer 
wrote.  “In  this  context,  I  have  decided  that 
now  is  the  time  to  put  new  leadership  in 
place  for  STB.  This  is  simply  recognition 
that  all  businesses  go  through  cycles  and 
need  new  and  different  talent  to  manage 
through  those  cycles.” 

Muglia  has  also  been  credited  with  shepherding  Microsoft’s 
entry  into  cloud  computing  by  guiding  the  rollout  of  its  Azure 
platform. 

Helm  suggested  in  an  interview  that  Microsoft  might  look 
outside  the  company  to  replace  Muglia,  though  he  couldn’t  iden¬ 
tify  any  potential  replacements. 

Muglia’s  departure  “is  a  critical  one,  but  I  couldn’t  point  at  any 
one  replacement,”  said  Helm.  “There  are  plenty  of  other  com¬ 
puting  companies  that  work  in  the  same  space  and  are  headed 
toward  the  cloud.  [They]  have  executives  who  might  work  out.”  ♦ 
Jackson  is  a  reporter  for  the  IDG  News  Service. 


What  worries  me  is  the  loss  of  these  long-term  people  -  people  who  had  the  respect 

of  the  technical  community  inside  Microsoft. 
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PHOTO  COURTESY  OF  MICROSOFT 


Kathryn 

Kerman 


This  travel  agency 
CIO  uses  technology 
to  give  customers  the 
personal  touch. 


Do  you  take  along  any  IT  gadgets 
when  you  travel?  I  never  leave 
home  without  my  iPhone. 

What's  the  most  interesting  place 
you’ve  been?  Costa  Rica. 

My  husband  and  I  honeymooned 
there.  Interesting  culture,  great 
country,  and  fascinating  people. 

What’s  your  dream  destination? 

Sailing  along  the  coast  of  Croatia 
is  on  the  top  of  my  list. 

What  do  you  do  in  your 
spare  time?  My  biggest  passion 
right  now  is  stand-up  paddling. 
And  raising  my  4-year-old  and 
traveling  as  much  as  we  can. 


THE  INTERNET  has  changed  how  people  plan  their  travel  needs  and  book  reserva¬ 
tions,  but  that  doesn’t  mean  they  are  completely  sold  on  using  technology  to  do  all 
the  work  on  their  own.  A  2010  study  by  Forrester  Research  Inc.  found  that  28%  of 
U.S.  leisure  travelers  who  booked  their  trips  online  would  be  interested  in  going  to  a 
good  traditional  travel  agent.  That  statistic  doesn’t  surprise  Kathryn  Akerman,  CIO  and  part 
owner  of  Hurley  Travel  Experts  in  Portland,  Maine.  A  24-year  veteran  of  the  industry  who 
worked  as  a  travel  agent  before  moving  into  IT,  Akerman  says  technology  can  help  the  travel 
planning  process,  but  it  can’t  replace  human  experience. 

Are  you  seeing  customers  return  to  travel  agencies  after  using  online  booking  sites? 

We’ve  had  clients  who  went  out,  tried  to  do  it  themselves  and  came  back  to  us  because 
they  realize  that  travel  booking  is  complicated  and  their  time  is  a  valuable  asset.  They’re 
looking  to  us  to  put  those  pieces  together  for  them  rather  than  going  to  different  sites 
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THE  GRILL 


KATHRYN  AKERMAN 


to  put  together  their 
own  itinerary.  If  they 
come  to  us,  it’s  one 
e-mail  for  them  and 
then  we  put  together 
the  options  they  need. 

What  are  the  most 
important  technolo¬ 
gies  you  provide  to 
your  employees? 

We  just  made  a 
huge  investment  in 
new  computers  for 
all  our  agents.  We 
took  advantage  of  a 
dual  screen  for  our 
corporate  agents, 
which  allows  them  to 
work  so  much  more 
efficiently  —  to  have 
an  e-mail  on  one  side 
and  booking  travel 
on  the  other.  And  the 
midoffice  quality- 
control  system  is 
hugely  important  for 
us.  It  has  made  our 
agents  much  more 
efficient,  so  they  can 
focus  on  customer 
service.  Our  agents 
can  work  with  the 
customers  rather 
than  deal  with  those 
formatting  steps  that  a  computer  can  do  for  them.  So 
once  we  finalize  [travel  plans]  with  the  customer,  we 
can  push  that  reservation  through  to  the  technol¬ 
ogy  and  take  care  of  those  redundant  steps,  issuing 
the  ticket  and  the  quality  control  —  making  sure 
the  seats  are  correct,  [checking]  the  date  continuity, 
e-mailing  the  customer  with  confirmation. 


One  of  our 
biggest  struggles 
is  the  way  we 
book  travel.  There 
are  these  antique  legacy 
systems.  They  require  a  lot  of 
technology  integration. 


As  an  industry  insider  and  CIO,  how  do  you  charac¬ 
terize  how  technology  changed  the  travel  industry? 

It  allows  the  customers  to  be  so  much  better  in¬ 
formed  when  they  come  to  us.  But  one  of  our  biggest 
struggles  is  the  way  we  book  travel.  There  are  these 
antique  legacy  systems  that  the  airlines  created  long 
ago  that  were  purchased  by  other  entities.  They 
require  a  lot  of  technology  integration. 


[and  improve]  visibility.  These  businesspeople  want 
to  book  online,  but  the  CFO  wants  to  know  where 
they’re  spending  money.  So  by  giving  them  that 
online  tool  with  those  discounts,  they  have  that 
visibility. 

Your  Web  site  talks  about  travel  being  a  people 
business.  How  do  you  make  sure  agents  have  the 
capabilities  they  need  but  keep  the  technology 
from  getting  in  the  way  of  that  personal  touch?  We 

really  make  such  a  concerted  effort  to  get  the  booking 
done  behind  the  scenes.  We’re  focused  on  the  fact 
that  you’re  coming  to  us  because  of  our  hands-on 
experience.  We  want  people  to  know  we  have  up- 
to-date  technology  and  an  up-to-date  Web  site,  but 
I  don’t  know  if  technology  will  be  the  driving  factor 
in  why  they  come  to  us.  It’s  still  our  people  and  the 
experience  they  have. 

I  understand  you're  updating  your  Web  site.  It’s  a 
full  rebuild.  We  had  what  was  really  just  an  online 
brochure.  But  we  want  people  to  go  into  our  site  and 
have  a  feel  for  who  we  are.  And  with  today’s  different 
generations  —  baby  boomers  to  Gen  Y  —  I  think 
they’re  all  reached  so  differently  now.  If  it’s  the  baby 
boomer  who  still  wants  to  have  the  brochure  and  see 
that  person’s  face,  that’s  there,  too. 

So,  what  are  the  priorities  as  you  rebuild?  To  have 

up-to-date  information  accessible  at  all  times.  So 
whether  it’s  how  to  reach  an  agent  [or]  to  be  able  to 
do  a  little  bit  of  research  —  to  know  that  an  agent 
who  is  traveling  to  Africa  is  blogging,  and  that’s 
where  you’re  planning  on  going  next  year,  and  you 
can  follow  her  and  see  how  it’s  going;  to  open  up  a 
video  of  a  trip  that  an  agent  just  took  to  Greece  and 
get  a  feel  for  how  the  hotel  was  from  her  perspective 
—  it’s  still  that  human  element,  but  adding  technol¬ 
ogy  to  have  that  information  at  all  times. 

What  technologies  do  your  agency's  clients  want  you 
to  provide  for  them?  Most  clients  just  want  to  have 
access  to  us.  They  just  want  to  know  we’re  there.  So 
it’s  providing  phone  service  for  emergencies,  so  when 
they’re  stuck  at  an  airport,  they  have  someone  to  call. 
On  a  CFO  level,  they  want  to  see  the  reports.  They 
want  to  have  the  travel-spend  visibility  and  an  online 
reporting  tool  to  access  the  data  we’ve  pushed  out.  It’s 
using  voice  over  IP,  so  our  agents  can  answer  at  home 
but  have  the  phone  ring  as  seamlessly  as  if  the  agent 
were  in  the  office. 


How  do  you  use  technology  to  allow  your  company 
to  better  compete  with  online  travel  booking  sites? 

We  do  offer  faster  and  more  complex  booking  inter¬ 
faces  than  customers  typically  see  on  those  online 
sites.  But  we  also  have  that  personal  service  that 
helps  our  clients  save  time  and  money.  We’re  also 
helping  corporations  to  streamline  their  expenses 
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What  remains  your  greatest  challenge  right  now  as 
CIO?  To  keep  up  with  technology  but  not  break  the 
bank  providing  those  technologies,  and  yet  still  allow 
us  to  retain  that  human  element. 

—  Interview  by  Computerworld  contributing  writer 
Mary  K.  Pratt  (marykpratt@verizon.net) 


A  work  of  art  in  secure  computing. 

Building  a  better  cloud  takes  a  revolutionary  approach  to 
virtualization  that  goes  far  beyond  conventional  solutions. 
With  a  resilient  infrastructure  and  robust  security,  SunGard 
provides  maximum  protection  and  a  fully  managed  solution 
that  virtually  eliminates  the  risk  of  failure.  Navigate  the  cloud 
with  confidence  as  it  dynamically  scales  to  meet  your  needs. 
With  leading-edge  technology  and  a  staff  of  accomplished 
professionals,  SunGard  can  help  make  your  next  cloud 
computing  project  a  work  of  art. 


Download  the  white  paper 
"Building  a  Better  Cloud" 
at:  sungardas.com/cloud11 


©  2010  SunGard.  SunGard  and  the  SunGard  logo  are  trademarks  or  registered  trademarks  of  SunGard  Data  Systems  Inc.  or  its  subsidiaries  in  the  U.S.  and  other  countries. 
All  other  trade  names  are  trademarks  or  registered  trademarks  of  their  respective  holders. 


—  OPINION 


PAIR  GLEN 

What  to  Do  When 
You  Get  a  New  Boss 


Recognize  that 
your  emotions 
are  not  your  new 
boss’s  primary 
concern.  She 
has  the  facts  of 
the  transition  to 
deal  with. 


Paul  Glen  is  a 

consultant  who  helps 
technical  organizations 
improve  productivity 
through  leadership, 
and  the  author  of 
the  award-winning 
book  Leading  Geeks 
(Jossey-Bass,  2003). 
You  can  contact  him  at 
info@paulglen.com. 


THERE  ARE  FEW  WORK  EXPERIENCES  as  unsettling  as  the  arrival  of  a 
new  boss.  I’m  not  talking  about  moving  into  a  new  department  or  job 
and  getting  a  new  supervisor  in  the  process.  That  can  be  fun,  because 
you’re  excited  about  the  new  assignment  or  promotion. 


I’m  talking  about  when  your  boss  gets  replaced. 

In  that  case,  there’s  rarely  a  sense  of  adventure. 

Most  people  find  a  change  above  them  to  be  unset¬ 
tling,  prompting  them  to  ask  themselves  things  like, 
“Will  I  get  fired  when  the  new  boss  brings  in  his 
favorite  people  from  his  past  position?”  “Will  my 
contributions  be  valued  as  much  as  before?”  “Why 
didn’t  I  get  the  job?  Am  I  not  respected  here?” 

These  issues  are  freighted  with  emotion,  and 
that  can  make  it  difficult  to  get  off  on  the  right 
foot  with  the  new  supervisor.  To  give  yourself  the 
best  chance  of  establishing  a  productive  relation¬ 
ship,  you’ll  need  to  do  a  little  homework.  Take  the 
focus  off  yourself  and  do  your  best  to  understand 
the  new  boss’s  situation.  Recognize  that  your  emo¬ 
tions  are  not  your  new  boss’s  primary  concern. 

She  has  the  facts  of  the  transition  to  deal  with, 
along  with  her  own  emotions. 

Here  are  some  steps  to  take  in  preparation  for 
that  first  big  meeting. 

Start  by  figuring  out  what  your  new  boss’s 
mandate  might  be.  You  can  probably  make  a 
pretty  good  guess  by  considering  the  state  of  your 
group  and  taking  stock  of  the  circumstances 
under  which  your  old  boss  left.  Was  his  departure 
voluntary  or  involuntary?  Was  he  fired,  promoted 
or  subjected  to  a  life  change,  or  did  he  choose  to 
move  to  another  organization?  Was  he  loved  or 
despised  by  subordinates,  peers  and  supervisors? 
The  challenges  faced  by  the  new  boss  will  be  quite 
different  depending  on  whether  she  is  succeeding 
a  beloved  patriarch  who  left  everything  running 
smoothly  or  a  despised  despot  who  left  a  pile  of 
bodies  behind.  You  should  be  able  to  put  all  of 


this  together  well  enough  to  make  a  list  of  the  top 
few  things  that  you  think  your  new  boss  has  been 
tasked  to  accomplish. 

You’re  going  to  use  those  suppositions  to  create 
a  second  list,  but  first  I  recommend  a  little  exer¬ 
cise  aimed  at  getting  your  emotions  in  hand.  This 
involves  writing  two  other  lists.  These  lists  aren’t 
for  anyone’s  eyes  but  yours,  so  don’t  hold  anything 
back.  The  title  of  the  first  should  be  “Things  the 
new  boss  could  do  that  would  exacerbate  all  of  our 
current  problems.”  The  second  should  be  “Things 
the  new  boss  could  do  that  would  undermine 
what’s  working  really  well  now.”  After  you’ve 
vented,  go  over  these  two  lists  and  think  about  the 
genuine  issues  that  have  given  rise  to  the  items 
you  have  put  down. 

Once  you  have  studied  these  two  lists  enough 
to  separate  emotion  from  reason,  write  down  the 
things  that  you  feel  the  new  boss  needs  to  under¬ 
stand  about  the  current  work  of  the  organization, 
how  it  does  or  doesn’t  support  her  presumed 
mandate,  your  role  in  that  work,  the  culture  of  the 
organization  and  the  individuals  involved.  Run 
through  the  list  and  make  sure  you  really  know 
what’s  important  about  each  point. 

In  your  first  meeting  with  the  new  boss,  you 
need  to  restrict  yourself  to  sharing  only  the 
category  titles  and  general  themes  you  have  come 
up  with.  You  don’t  want  to  overwhelm  her  with 
details  at  this  point. 

The  goal  of  your  first  meeting  with  your  new 
boss  is  to  establish  a  working  relationship  that  will 
earn  you  the  right  to  share  the  details  later  and 
have  your  input  be  respected.  ♦ 
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faster  server  ROI, 


With  budgets  flat  and  workloads  exploding,  it's  time  to  unleash  the  innovation  and  cost  savings  locked  up 
within  your  aging  server  infrastructure  with  next  generation  HP  ProLiant  servers  powered  by  8-  and  12-core 
AMD  Opteron™  6100  Series  processors.  Upgrade  now  and  experience: 

•  23:1  server  consolidation  ratio1 

•  96%  or  more  savings  on  energy  and  cooling1 

•  $48,380  in  total  savings  for  every  100  users2 

Transform  your  server  environment  while  building  the  foundation  for  the  HP  Converged  Infrastructure. 

All  for  an  investment  that  pays  for  itself  in  as  little  as  2  months.1  Unleash  faster  server  ROI  now. 

Outcomes  that  matter. 

See  the  proof.  Access  our  ROI  calculator  and  register  to  download  your  podcasts  at 

hp.com/servers/unleash5 


20  YEARS 

OF  x86  SERVER  INNOVATION 


HP  ProLiant  DL385  G7  Server 

•  AMD  Opteron™  Processor  Model  6134 

•  4  GB  memory,  up  to  256  GB  max 

•  Up  to  eight  (8)  small  form  factor  high-performance  SAS  hard  drives 
with  standard  cage.  Or  up  to  16  SFF  or  6  LFF  hard  drives  with 
optional  drive  cages. 

•  Integrated  Lights-Out  3  (iLO  3)  providing  industry-leading 
management  and  8X  faster  remote  console  performance 

$2,599  (Save  $498) 

Lease  for  just  $69/mo.* 

(PN:  605869-005) 


HP  ProLiant  BL465c  G7  Server 

•  AMD  Opteron™  Processor  Model  61 28HE 

•  8  GB  memory,  up  to  256  GB  max 

•  Up  to  two  (2)  hot  plug  small  form  factor  SAS,  SATA, 
or  SSD  drives 

•  Integrated  Lights-Out  3  (iLO  3)  providing  industry-leading 
management  and  8X  faster  remote  console  performance 

•  Two  Integrated  HP  Virtual  Connect  FlexFabric  Converged 
Network  Adapters 


Starling  at  $3,079 

Lease  as  low  as  $88/mo.* 
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G7  server.  $3,097-$498=SmartBuy  price  $2,599;  nP  ProLiant  61465c  G7  server  starting  at  $3,079).  Financing  available  through  Hewlett-Pa _ _ _  _  , _ 

to  qualified  commercial  customers  in  the  U.S.  and  is  subject  to  credit  approval  and  execution  of  standard  HPFSC  documentation.  Prices  shown  are  based  on  a  lease  48  months  in  term  with  a  fair  market  value 
purchase  option  at  the  end  of  the  term  and  are  valid  through  December  31,  2010.  Other  charges  and  restrictions  may  apply.  HPFSC  reserves  the  right  to  change  or  cancel  this  program  at  any  time  without  notice. 


"Working  with  startup  companies  on  a  tight 
budget,  my  clients  know  an  online  presence  is 
needed.  I  use  1&1  exclusively  to  satisfy  their 
requests  for  reliable  hosting  at  affordable  rates." 

Lance  Ochs,  www.vacantpixels.com 
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Extensive  language  support  with  PHP  5/6 
(beta)  with  Zend  Framework  and  git  version 
management  software. 
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As  the  world's  largest  web  host,  we  know  the  developer 
features  you  need  in  a  hosting  package! 
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Domains  Included 

All  hosting  packages  include  domains, 
free  for  the  life  of  your  package. 

Unlimited  Traffic 

Unlimited  traffic  to  all  websites  in  your 
1&1  hosting  package. 

HaiiaI nnoK  Costume 
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Online  Marketing  Tools 

SEO  tools  to  optimize  your  website. 

1&1  Webstatistics  makes  it  easy  to  monitor 
your  progress. 

Green  Data  Centers 

We're  committed  to  hosting  your  site  with 
a  minimal  impact  on  the  environment. 


Get  started  today,  call  1-877-GO-1AND1 


1&1®  HOSTING  PACKAGES 

6  MONTHS 

FREE! 


1&1®  BUSINESS  PACKAGE: 

■  3  Included  Domains 

■  Private  Domain  Registration 

■  250  GB  Web  Space 

■  UNLIMITED  Traffic 

■  NEW:  Version  Management 
Software  (git) 

■  2,500  E-mail  Accounts 

■  50  MySQL  Database  (100  MB) 

■  25  FTP  Accounts 

■  E-mail  Marketing  Tool 

■  24/7  Toll-free  Customer  Support 


Need  more  domains? 

.info  domain  only  $0.99  first  year* 
.com  domain  only  $4.99  first  year* 

More  great  offers  available 
on  our  website! 
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WANT  From  IT 


OU  CAN’T  RUN  A  COMPANY 

without  technology,  but  you  can’t 
invest  in  technology  without  the 
blessings  of  the  finance  depart¬ 
ment.  And  thanks  to  the  stagnant 
economy,  the  pendulum  of  power 
between  Finance  and  IT  is  swing¬ 
ing  decidedly  toward  the  chief 
financial  officer’s  door  these  days. 

“The  power  dynamic  in  the  C-suite  really  does  change 
when  the  economic  times  are  difficult,”  says  Bob  Martins, 
a  CFO  partner  at  Tatum  LLC,  an  executive  services  firm 


before  you  come  knocking,  by  mary  k.  pratt 
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Cloud  Computing 


Perhaps  you've  already  discovered  this,  but  cloud 
computing  (including  software  as  a  service)  is  a  CFO- 
friendly  topic. 

CFOs  like  the  pay-as-you-go  economics  of  cloud  computing 
because  it  keeps  cash  in  the  bank  longer,  notes  a  Forrester 
Research  report. 

“To  a  CFO,  IT  capacity  or  an  application  purchased  from  a 
cloud  service  provider  is  an  operating  expense  that  can  be 
scaled  up  to  meet  a  rising  business  need  -  or  turned  off  when 
the  need  evaporates.  The  same  system  hosted  in  the  corpo¬ 
rate  data  center  is  a  sunk  cost  that  includes  a  capital  expendi¬ 
ture  that  must  be  carried  on  the  balance  sheet  as  an  asset  that 
loses  value  as  it  depreciates,"  the  report  explains. 

Forrester  says  that  because  of  the  difference  between  capi¬ 
tal  expenditures  and  operating  expenditures,  cloud  comput¬ 
ing  yields  the  kind  of  financial  benefits  that  CFOs  value: 

■  Better  cash  flow.  The  company  avoids  taking  on  debt 
and  writing  a  big  check  upfront.  Instead,  checks  are  written 
monthly  or  quarterly. 

■  Lower  financial  risk.  With  a  cloud-based  system,  you 
pay  only  for  what  you  use,  and  you  can  terminate  the  con¬ 
tract.  An  on-premises  system  means  spending  money  upfront 
for  benefits  that  may  or  may  not  materialize. 

■  Greater  financial  visibility.  A  cloud  services  provider 
can  tell  you  how  much  it  will  cost  to  add  a  user  or  process  an 
additional  transaction.  Many  IT  shops  would  be  hard-pressed 
to  do  the  same  for  an  on-premises  system. 

■  Healthier  return  on  assets.  Cioud  costs  are  incurred  in 
the  same  time  period  that  the  value  is  delivered,  so  the  bal¬ 
ance  sheet  doesn’t  carry  an  ever-depreciating  capital  asset  of 
hardware  and  software,  which  lowers  the  increasingly  impor¬ 
tant  financial  metric  of  return  on  assets. 

In  a  recent  survey  of  481  CFOs  in  the  U.S.,  about  half  said 
they  already  have  some  IT  activities  occurring  in  the  cloud. 

The  survey  by  Duke  University  and  CFO  magazine  found  that 
83%  of  the  CFOs  expect  their  companies  to  rely  on  cloud- 
based  services  in  the  next  three  to  five  years. 

-  MITCH  BETTS 


headquartered  in  Atlanta.  “And  right  now,  any  kind  of  spending 
decision  requires  much  more  scrutiny.” 

All  of  this  means  that  now  is  an  excellent  time  for  you,  as  an 
IT  manager,  to  hear  what  Finance  has  to  say.  Computerworld 
asked  several  CFOs  what  message  they’d  most  like  to  get  through 
to  their  top  technologists. 

Say  Goodbye  to  Bells  and  Whistles 

During  better  economic  times,  Don  MacKenzie,  CFO  and  chief 
operating  officer  at  Accounting  Management  Solutions  Inc., 
could  be  persuaded  to  buy  a  more  expensive  system  if  it  offered 
nice-to-have  usability  options  or  extra  functionality. 

But  these  days,  the  age-old  battle  between  cost  and  function¬ 
ality  is  being  won  by  cost.  So  when  the  Waltham,  Mass.-based 
professional  services  firm  needed  new  customer  relationship 
management  software,  MacKenzie  told  his  CIO  at  the  outset, 
“Maybe  we  don’t  need  the  Cadillac.  Our  problem  might  be  better 
solved  using  a  Chevy  solution.” 

MacKenzie  expected  the  CIO  to  deliver  an  analysis  that  looked 
at  several  systems  —  something  he  has  always  done,  in  good 
times  and  bad  —  detailing  how  much  each  one  cost,  the  features 
offered  and  what  type  of  ROI  each  one  could  be  expected  to 
deliver.  But  MacKenzie  admits  that  given  the  financial  pressure, 
the  weight  was  almost  all  on  the  cost  side  of  the  equation. 

“I’m  not  suggesting  that  there  wouldn’t  have  been  a  financial 
analysis  [in  the  past],”  MacKenzie  continues,  “but  the  focus  then 
would  have  been  more  on  functionality  and  on  [the  software’s] 
tie-in  to  other  applications.  That  might  have  overridden  the 
financial  considerations.” 

These  days,  that’s  not  the  case.  One  of  the  options  the  CIO  pre¬ 
sented  was  “a  300-pound  gorilla  with  all  the  bells,”  MacKenzie 
says,  “but  we  went  with  one  that  was  a  lot  cheaper.” 

Play  With  the  Toys  You  Already  Have 

Tibco  Software  Inc.  in  Palo  Alto,  Calif.,  has  made  significant 
investments  in  IT  in  the  past,  including  the  acquisition  of  an 
ERP  system.  So  before  Executive  Vice  President  and  CFO  Sydney 
Carey  opens  the  coffers  to  buy  more  hardware  or  software,  she 
wants  to  make  sure  that  the  company  is  making  full  use  of  its 
current  resources. 

“The  recession  has  focused  us  more  on  the  fact  that  we’ve 
made  investments,”  she  says,  “so  we  need  to  ask,  Are  we  really 
getting  all  we  can  from  them?’  ” 

Specifically,  Carey  explains,  “we  needed  to  leverage  our 
systems,  automating  or  integrating  or  getting  the  right  informa¬ 
tion  to  the  right  people  at  the  right  time  to  make  decisions”  — 
but  without  making  any  more  big  investments  in  infrastructure. 

That  meant  working  with  the  CIO  and  the  IT  staff  to  get  more 
value  from  the  ERP  system.  Carey  had  the  IT  staff  add  business 
process  management  software  and  other  programs  to  the  ERP 
front  end  to  make  the  company’s  order  fulfillment  system  run 
more  efficiently. 

Although  the  software  additions  did  require  some  in-house 
development,  they  represented  a  quicker  and  cheaper  invest¬ 
ment  than  buying  and  rolling  out  an  entirely  new  system.  Yet  the 
results  were  significant:  Carey  says  the  department  that  handles 
orders  has  been  able  to  increase  accuracy  and  double  the  number 
of  transactions  handled  each  quarter  without  adding  staff. 

Continued  on  page  22 
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Smarter  technology  for  a  Smarter  Planet: 

What  3  million  lines  of  code  means 
to  a  piece  of  luggage. 

It  means  Amsterdam  Airport  Schiphol  will  be  able  to  accurately  and  efficiently  move  70  million  pieces  of  luggage  per 
year— 20  million  more  bags  per  year  than  they  used  to.  The  airport’s  automated  baggage  solution  will  allow  them 
to  increase  their  baggage  handling  capacity  by  40%,  so  they  can  meet  the  growing  demand  placed  on  them  as 
one  of  Europe’s  largest  transport  hubs.  This  system  is  built  on  IBM  Rational®  and  Tivoli®  software  and  runs  on 
Power  Systems?  A  smarter  business  is  built  on  smarter  software,  systems  and  services. 


Let’s  build  a  smarter  planet,  ibm.com/luggage  \  i  / 


A  data  visualization  of  the  flow  of  baggage 
traffic  at  Amsterdam  Airport  Schiphol. 


IBM,  tie  IBM  logo,  ibracont  Power  Systems  Rational,  Tivoli.  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International  Business  Machines  Corp,  registered  in  many  jurisdictions  worldwide.  Other  product  are) 
service  names  might  be  trademarks  of  IBM  or  other  companies  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  wwwjbmcom/legal/copytrade.shrntl  ©  International  Business  Machines  Corporator ■  2Sh). 
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Continued  from  page  22 

Emphasize  Short-term  Benefits ... 

Breslin  Longstreth  wants  his  CIO  to  seek  out  projects  that  deliver 
benefits  quickly. 

“It’s  all  about  the  short-term  and  medium-term  returns,”  says 
Longstreth,  senior  vice  president  of  finance  at  A  Place  for  Mom 
Inc.,  a  Seattle-based  service  that  helps  people  find  care  options 
for  elderly  parents. 

Case  in  point  was  the  company’s  decision  to  revamp  all  soft¬ 
ware  licenses,  standardize  equipment,  and  upgrade  and  integrate 
phone  and  computer  services.  Longstreth  says  the  company  was 
looking  at  a  six-figure  investment  to  get  the  project  done  —  he 
declined  to  disclose  the  actual  price  tag  —  but  found  that  the 
ROI  would  likely  be  realized  within  a  year. 

“We  move  quickly  if  we  think  there’s  a  strong,  quick  ROI.  If  it’s 
not  obvious,  we’re  probably  not  going  to  do  it,”  says  Longstreth. 

He  says  A  Place  for  Mom,  a  private,  $50  million  operation,  is 
growing  so  quickly  that  it’s  hard  to  predict  what  it  will  require 
from  IT  beyond  the  next  few  years.  That’s  one  reason  he  encour¬ 
ages  his  top  IT  person,  the  vice  president  of  development,  to 
think  about  projects  with  quick  returns. 

The  economy  is  another  reason,  Longstreth  says.  Although 
the  company  is  financially  healthy,  he  says  he  doesn’t  want  to 
risk  leaving  it  cash-strapped  by  investing  in  technology  that  has  a 
long-term  ROI.  “Making  a  bet  on  something  with  a  return  three 
to  five  years  out  has  too  much  risk  right  now,”  he  says. 


dP  £Ne  look  at  IT  as  an  enabler 
of  a  lean  company. 

JIM  MORRISON, 

w  CFO.  fEKNOR  APEX  CO. 


...But  Don’t  Abandon  Long-term  Investments 

Even  with  the  economy  in  the  dumps,  Teknor  Apex’s  Morrison 
wants  his  CIO  to  continue  proposing  projects  that  will  help  the 
company  reach  its  long-term  goals. 

“If  there’s  a  project  needed  for  our  strategic  well-being,  I  don’t 
necessarily  [want  IT  to]  put  it  on  a  back  burner  because  the 
economy  has  taken  a  downturn,”  Morrison  says. 

As  a  private  company  that’s  not  driven  by  quarterly  perfor¬ 
mance,  Teknor  Apex  has  the  luxury  of  being  able  to  focus  more 
on  long-term  results,  Morrison  acknowledges.  But  that  doesn’t 
mean  he  can  fund  IT  projects  that  don’t  support  the  corporate  , 
agenda  —  especially  in  today’s  economy. 

“Outside  of  upgrades  of  hardware,  everything  we  do  from  an 
IT  perspective  is  put  forth  as  either  being  strategic  in  nature  or 
increasing  our  efficiencies,”  Morrison  explains. 

When  the  market  went  south  in  2007,  Morrison  says,  the 
company  reduced  its  head  count  by  5%  to  10%,  but  at  about  the 
same  time  he  OK’d  spending  $150,000  for  software  for  the  credit 
department.  “It  was  probably  one  of  the  best  projects  we  ever 
did,”  he  says,  explaining  that  it  allowed  the  company  to  reduce 


HOWTO 

Sell  IT  Projects 
To  the  CFO 

Most  CFOs  still  see  IT  as  a  black  box 
-  they  have  limited  visibility  into 
the  value  that  IT  creates  for  their  or¬ 
ganizations,  says  Gregg  Rosenberg, 
managing  director  of  the  IT  practice 
at  The  Corporate  Executive  Board,  a 
research  and  advisory  services  company. 

So  it’s  no  wonder  that  IT  managers  have  a  tough  time  per¬ 
suading  their  CFOs  to  spend  money  on  new  technology  today, 
Rosenberg  says. 

By  making  changes  in  their  pitches,  IT  managers  can  over¬ 
come  that  roadblock  and  get  the  CFO’s  stamp  of  approval  for 
more  projects,  Rosenberg  and  other  consultants  say.  Those 
changes  should  include  reframing  proposals  and  spending  re¬ 
quests  to  highlight  the  business  value  that  technology  creates. 

in  a  white  paper,  Rosenberg  suggests  that  CIOs  should  take 
the  following  steps  to  get  their  economic  houses  in  order  and 
make  it  easier  for  CFOs  to  see  the  value  of  the  services  that  IT 
provides  to  the  business: 

■  Find  out  the  business  objectives  of  the  stakeholders. 

■  Allocate  all  IT  costs  to  a  set  of  services 
that  the  business  wants. 

■  Hold  IT  service  managers  accountable  for 
controlling  the  costs  of  the  services  they  provide. 

■  Define  units  of  service  in  terms  that  the  business 
understands,  and  show  how  changes  in  IT  service 
consumption  affect  costs. 

■  Reward  IT  staffers  for  lowering  the 
total  cost  of  service. 

■  Set  the  prices  for  IT  services  to  support  overall 
business  objectives,  such  as  cost  predictability. 

■  Invest  in  IT  asset  management  for  making  resource 
allocation  decisions  (not  for  reacting  to  audits). 

Most  of  all,  CIOs  should  communicate  using  the  business  met¬ 
rics  -  like  “decrease  unit  costs”  -  that  really  matter  to  the  com¬ 
pany's  leaders,  says  Saby  Mitra,  an  associate  professor  in  the 
College  of  Management  at  the  Georgia  Institute  of  Technology. 

-  MARY  K.  PRATT 


staff  in  the  credit  department  while  improving  performance.  As  a 
result,  the  new  system  paid  for  itself  within  two  years. 

Morrison  says  those  are  the  kinds  of  technology  investments 
he’d  like  to  see  IT  managers  bring  forward. 

“We  look  at  IT  as  an  enabler  of  a  lean  company.  I  don’t  think 
there’s  a  function  that  doesn’t  feel  that  the  IT  systems  are  abso¬ 
lutely  essential  to  their  performance,”  he  says.  “So  we  give  them 
what’s  needed.  They  just  have  to  show  there’s  a  good  return.”  ♦ 
Pratt  is  a  Computerworld  contributing  writer  in  Waltham,  Mass. 
Contact  her  at  marykpratt@verizon.net. 
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Please  note  the  date  change  for  this  event:  it  will  now  be  held  on  January  26,  2011 


Ensure  Your  Move  to 
the  Cloud  is  Secure 


Presented  by 

cso 

BUSINESS  RISK  LEADERSHIP 


Clouds  promise  to  deliver  unprecedented  business 
efficiencies,  but  securing  data  and  processes  in  the 
cloud  can  be  tricky. 

At  this  exclusive  executive  seminar  on  Securing  the 
Cloud,  you’ll  gain  real-world  insight  into  how  business 
leaders  are  securing  their  cloud  environments,  and: 

•  Discover  the  best  strategies  for  assessing 
security  risks  and  needs  for  the  cloud. 

•  Determine  which  applications  to  move  to  the 
cloud  and  how  to  apply  the  right  security. 

•  Gather  up-to-the-minute  advice  from  the  industry’s 
leading  practitioners  and  recognized  experts. 

•  Network  with  colleagues  who  wrestle  with  similar 
challenges  and  concerns. 


Featured  Speakers  Include: 
Jim  Reavis 

Co-founder,  Cloud  Security  Alliance 

Derek  Slater 

Editor  in  Chief,  CSO  magazine 

David  Giambruno 

CIO,  Revlon 

Nick  Akerman 

Partner,  Dorsey  &  Whitney  LLP 


Whether  you’re  assessing  specific 
moves  to  the  cloud  or  are  seeking  the 
latest  expert  advice,  this  seminar  series 
will  help  you  better  understand  cloud 
security  and  how  you  can  improve  your 
business  by  applying  it  wisely. 


Join  us  on  JANUARY  26th  in 
NEW  YORK  CITY  for  this  UNIQUE  EVENT! 

REGISTER  NOW:  http://events.csoonline.com/csad 

CSO  Executive  Seminar  on  Cyber  Security  |  Washington,  DC  -  March  2011 
CSO  Executive  Seminar  on  Securing  the  Cloud  |  Chicago,  IL  -  May  2011 


Sponsorship  Opportunities  Are  Available 

CSO  Executive  Seminar  Series  attracts  a  powerful  and  influential  audience  of  security  decision  makers. 
For  Sponsor  Opportunities,  contact  Per  Melker  at  508.935.4729  or  e-mail  pmelker@cxo.com 
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Right  Now 

Even  companies  with  great  security 
may  have  left  these  holes  open. 

By  John  Brandon 


JUST  AS  THE  TITANIC  was  thought  to  be  unsinkable, 
many  of  today’s  enterprises  think  of  themselves  as 
invulnerable.  Yet,  for  every  large  organization  that 
glides  through  the  year  without  any  mishaps,  there 
are  many  others  that  suffer  break-ins,  Wi-Fi  sniffing 
snafus  and  incidents  where  Bluetooth  “sniper  rifles” 
are  used  to  steal  company  secrets. 

Security  consultants  have  identified  six  holes  that  are  often 
wide  open  in  corporate  IT  systems,  even  at  companies  that  take 
great  pride  in  their  security  precautions. 

1  Unauthorized  Smartphones 
On  Wi-Fi  Networks 

Smartphones  create  some  of  the  greatest  risks 
for  enterprise  security,  mostly  because  they’re  so 
common  and  because  some  employees  just  can’t 
resist  using  personal  devices  in  the  office  —  even 
if  their  employers  have  well-established  policies 
prohibiting  their  use. 

“The  danger  is  that  cell  phones  are  tri-homed  devices  —  Blue¬ 
tooth,  Wi-Fi  and  GSM  wireless,”  says  Robert  Hansen,  founder 
of  Internet  security  consulting  firm  SecTheory  LLC.  Employees 
who  use  their  personal  smartphones  at  work  “introduce  a  conduit 
that  is  vulnerable  to  potential  attack,”  he  explains. 

If  you  use  a  device  like  a  smartphone  that  spans  multiple  wireless 
spectrums,  “someone  in  a  parking  lot  could  use  a  Bluetooth  sniper 
rifle  that  can  read  Bluetooth  from  a  mile  away,  connect  to  a  smart¬ 
phone,  then  connect  to  a  corporate  wireless  network,”  says  Hansen, 
who  is  also  known  by  the  alias  RSnake.  Bluetooth  thus  becomes  an 
open  portal  that  allows  hackers  to  access  Wi-Fi  and  therefore  the 
corporate  network. 

Hansen  says  adopting  a  policy  that  simply  prohibits  personal 
smartphones  isn’t  likely  to  be  effective  —  employees  will  still  be 
tempted  to  use  their  gadgets.  Instead,  he  says,  IT  should  allow 
only  approved  devices  to  access  the  network.  And  that  access 
should  be  based  on  MAC  addresses,  which  are  unique  codes  that 
are  tied  to  specific  devices,  making  them  more  traceable. 

Another  tactic  is  to  use  network  access  control  to  make  sure 
whoever  is  connecting  is,  in  fact,  authorized  to  connect.  In  an  ideal 
world,  companies  should  also  separate  guest  access  Wi-Fi  networks 
from  important  corporate  networks,  says  Hansen,  even  if  having 
two  wireless  LANs  requires  redundant  systems  and  added  overhead. 

Another  approach:  Provide  robust,  company-sanctioned 
smartphones  on  popular  platforms,  such  as  Google’s  Android, 
thereby  dissuading  employees  from  using  nonsupported  devices. 
By  encouraging  the  use  of  approved  phones,  IT  can  focus  on 
security  precautions  for  a  subset  of  devices  instead  of  having  to 
deal  with  numerous  brands  and  platforms. 

Open  Ports  on  a  Network  Printer 

The  office  printer  is  another  seemingly  in¬ 
nocuous  device  that  represents  a  security  risk, 
although  most  companies  are  oblivious  to  the 
danger.  Printers  have  had  telephone  lines  for 
faxes  for  several  years,  and  some  are  now  Wi-Fi- 
enabled  or  support  3G  wireless  connectivity. 
Some  companies  do  block  access  to  certain  ports  on  printers,  but 
as  Hansen  says,  if  there  are  200  blocked  ports  for  printers  at  a 
large  company,  there  might  be  another  1,000  ports  that  are  wide 


Injecting  hostile  code 

into  P2P  files  is  [not 
difficult]  and  can  create 
a  beachhead  within 
an  organization. 

WINN  SCHWARTAU,  CEO, 

THE  SECURITY  AWARENESS  COMPANY 


open.  Hackers  can  break  into  corporate  networks  through  these 
ports.  A  more  nefarious  trick  is  to  capture  images  of  all  printouts 
in  order  to  steal  sensitive  business  information. 

“One  of  the  reasons  you  do  not  hear  about  it  is  because  there  is 
no  effective  way  to  shut  them  down,”  says  Jay  Valentine,  an  inde¬ 
pendent  security  expert.  “We  see  access  all  the  time  via  network 
ports  in  the  electric  utility  industry,  which  is  a  major  accident 
waiting  to  happen.” 

The  best  way  to  deal  with  this  problem  is  to  disable  the  wire¬ 
less  options  on  printers  altogether.  If  that’s  not  feasible,  IT  should 
make  sure  all  ports  are  blocked  for  any  unauthorized  access,  says 
Hansen.  It’s  also  important  to  use  security  management  tools 
that  monitor  and  report  on  open  printer  ports.  One  such  tool  is 
the  network  monitor  from  ActiveXperts  Software  BV. 

3  Custom  Web  Applications 
With  Bad  Code 

Just  about  every  enterprise  security  professional 
lives  in  fear  of  holes  created  by  sloppy  programming. 
This  can  occur  with  custom-developed  applications 
and  with  commercial  and  open-source  software. 
Hansen  says  one  common  trick  is  to  tap  into  the  xp_cmdshell 
routine  on  a  server,  which  an  inexperienced  programmer  or 
systems  administrator  might  leave  wide  open  for  attack.  Hackers 
can  use  that  opening  to  gain  full  access  to  a  database,  which  pro¬ 
vides  an  entryway  to  data  and  a  quick  back  door  to  networks. 

Hansen  says  PHP  routines  on  a  Web  server  can  also  be  ripe  for 
attack.  Small  coding  errors,  such  as  a  failure  to  use  proper  safe¬ 
guards  when  calling  a  remote  file  from  an  application,  provide  a 
way  for  hackers  to  add  their  own  embedded  code.  A  company  can 
also  be  open  to  attack  if  it  has  a  blog  with  a  trackback  feature  (to 
report  on  links  to  its  posts)  but  doesn’t  sanitize  stored  URLs  to 
prevent  unauthorized  database  queries. 

Of  course,  the  obvious  fix  to  this  problem  is  to  avoid  using 
freebie  PHP  scripts,  blog  add-ons  and  other  code  that  might  be 
suspect.  If  such  software  is  needed,  security  monitoring  tools  can 
detect  vulnerabilities  even  in  small  PHP  scripts. 
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Social  Network  Spoofing 

Facebook  and  Twitter  users  can  be  fooled  into 
divulging  sensitive  information.  Usually,  these 
types  of  attacks  are  subtle  and  not  easily  traced. 

“People  looking  for  jobs  are  often  willing  to 
divulge  [personal]  information,”  notes  Hansen, 
who  says  one  of  his  clients  told  him  about  a  hacker  who  used  a  fake 
e-mail  address  from  a  job-search  Web  site  to  pose  as  a  recruiter.  He 
declined  to  elaborate  on  this  example  to  protect  his  client,  but  it’s 
an  example  of  what  he  calls  the  “confused  deputy”  scenario,  where 
someone  claiming  to  be,  say,  a  recruiter  for  Monster.com  contacts 
an  employee,  and  the  employee  believes  that  the  caller  is,  in  fact,  a 
Monster.com  recruiter  and  doesn’t  attempt  to  verify  his  creden¬ 
tials.  Hansen  says  the  same  thing  can  happen  with  postal  mail  — 
just  because  the  envelope  has  a  certain  return  address,  that  doesn’t 
mean  it  actually  came  from  that  sender. 

Companies  should  use  e-mail  verification  systems  that  validate 
senders’  identities  by  generating  return  messages  that  ask  senders 
to  confirm  their  credentials.  Some  states  have  made  it  illegal  to 
impersonate  someone  by  e-mail. 

Employees  Downloading 
Illegal  Movies  and  Music 

P2P  networks  just  won’t  go  away.  In  a  large  company, 
it’s  not  uncommon  to  find  employees  using  peer-to- 
peer  systems  to  download  pirated  files  or  setting  up 
their  own  servers  to  distribute  software. 

“P2P  networking  should,  as  per  policy,  be  completely  blocked 
in  every  enterprise,”  says  Winn  Schwartau,  CEO  of  The  Security 
Awareness  Company,  a  security  training  firm.  “The  P2P  ports 
should  be  completely  shut  down  at  all  perimeters  and  ideally  at 
the  company’s  endpoints.  P2P  programs  can  be  stopped  through 
[whitelists  or  blacklists]  and  filters  on  the  enterprise  servers.” 

Schwartau  tells  the  story  of  a  financial  services  firm  in  New  York 
that  discovered  a  P2P  port  that  was  running  all  day,  every  day,  in 
its  office.  It  turned  out  to  be  a  porn  file  server  —  exactly  the  kind  of 
P2P  server  that  criminal  hackers  like  to  exploit,  he  says. 

“Injecting  hostile  code  into  P2P  files  is  [not  difficult]  and  can 
create  a  beachhead  within  an  organization,  depending  upon  the 
code  design,”  Schwartau  says.  He  suggests  a  technique  called  “re¬ 
source  isolation”  that  controls  which  applications  users  are  allowed 
to  access  based  on  permission  rights.  Different  operating  systems  do 
that  in  slightly  different  ways,  Schwartau  says,  but  it’s  worth  pursu¬ 
ing  in  situations  where  corporate  policy  is  lacking  or  isn’t  followed. 

Schwartau  encourages  IT  shops  to  conduct  regular  sweeps  of 
all  company  networks  and  servers  to  look  for  P2P  activity  and  to 
be  vigilant  about  blocking  any  P2P  activity. 

SMS  Spoofs  and  Malware  Infections 

Another  potential  attack  vector:  text  messaging  on 
smartphones.  Hackers  can  use  SMS  text  messages 
to  contact  employees  in  direct  attempts  to  get 
them  to  divulge  sensitive  information  like  network 
log-in  credentials  and  business  intelligence,  but 
they  can  also  use  text  messages  to  install  malware  on  a  phone. 

“In  our  proof-of-concept  work,  we  showed  how  a  root  kit  could 
turn  on  a  phone’s  microphone  without  the  owner  knowing  it 
happened,”  says  Schwartau.  “An  attacker  can  send  an  invisible 
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Security  Risks 

In  the  Post-PC  Era 

As  handheld  gadgets  such  as  smartphones  proliferate  in  the 
enterprise  -  in  what  Forrester  Research  Inc.  calls  the  “post- 
PC  era”  -  six  new  data  security  risks  arise: 

■  Employees  lose  the  devices,  or  unscrupulous  individuals 
steal  them.  The  number  of  company-owned  smartphones  lost 

by  the  average  North  American  and  European  enterprise  during 
the  past  two  years  was  50%  higher  than  the  number  of  laptops 
reported  lost  or  stolen:  ll  lost  smartphones  versus  seven  lost  lap¬ 
tops.  More  lost  devices  means  more  lost  data. 

■  IT  doesn’t  control  application  deployment  For  example, 
apps  are  usually  added  to  Apple  devices  by  employees  who  buy 
them  from  the  App  Store. 

■  Third-party  apps  may  not  be  trustworthy.  Users  install  an 

average  of  40  apps  on  iPhones  and  25  on  Android  devices.  Not  all 
of  those  apps  are  safe:  Some  steal  data  or  otherwise  fail  to  behave 
as  advertised. 

■  Support  is  a  lot  more  complicated.  The  sheer  diversity  of 
devices  makes  it  harder  to  know  what  you  can  safely  allow  on  your 
network,  particularly  with  Android  devices. 

■  The  mobile  device  management  (MDM)  aftermarket  is 
immature.  A  cottage  industry  of  specialized  MDM  vendors  has 
sprung  up  to  manage  the  configuration  and  security  of  diverse 
mobile  devices,  but  a  convergence  of  post-PC  and  PC  management 
systems  is  still  years  away. 

■  There  are  legal  uncertainties  about  data  ownership. 

Questions  of  who  owns  the  data  on  employee  smartphones  -  and 
who  is  responsible  for  protecting  it  -  have  yet  to  be  answered.  Case 
law  that  definitively  settles  this  matter  won’t  emerge  for  years. 

SOURCE:  FORRESTER  RESEARCH  INC..  OCTOBER  2010 


text  message  to  the  infected  phone  telling  it  to  place  a  call  and 
turn  on  the  microphone.”  That  would  be  an  effective  tactic  if,  for 
example,  the  phone’s  owner  were  in  a  meeting  and  the  attacker 
wanted  to  eavesdrop,  he  notes. 

Schwartau  says  it’s  possible  to  filter  SMS  activity,  but  that’s 
usually  handled  by  the  wireless  carrier  because  SMS  isn’t  IP- 
based  and  therefore  isn’t  usually  controlled  by  company  admin¬ 
istrators.  The  best  option  is  to  work  with  carriers  to  make  sure 
that  they’re  using  malware-blocking  software  and  SMS  filters  to 
prevent  those  kinds  of  attacks. 

Again,  creating  smartphone  usage  policies  that  encourage  or 
require  the  use  of  only  company-sanctioned  or  company-provided 
phones  and  service  plans  can  reduce  the  risk. 

Of  course,  companies  can’t  thwart  every  possible  attack,  and 
hackers  are  constantly  switching  tactics.  But  you  should  take 
steps  to  plug  these  six  security  leaks  —  and  then  try  to  keep  them 
plugged  —  and  be  on  the  lookout  for  new  forms  of  malicious 
activity.  ♦ 

Brandon  worked  as  an  IT  manager  for  10  years  and  has  been  a  tech 
journalist  for  another  10. 
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CATCHES  ON 


The  goal  is  to  help  business 
users  make  smart  decisions 
with  complex  data  - 
and  less  IT  involvement. 
By  Elisabeth  Horwitt 


HE  GREAT  RECESSION  caught 
most  of  the  used-car  industry 
by  surprise.  Many  dealers 
assumed  that  the  downturn 
would  be  short  and  mild,  so 
they  continued  to  add  inven¬ 
tory  at  a  steady  rate.  As  a  result,  many  used- 
car  inventory-financing  firms  didn’t  make 
adjustments  until  it  was  too  late. 

Dealer  Services  Corp.  (DSC),  in  contrast, 
got  a  heads-up  from  its  newly  deployed 
business  intelligence  system,  says  CIO  Chris 
Brady.  The  self-service  BI  module  of  Infor¬ 
mation  Builders  Inc.’s  WebFocus  software 
allowed  branch  managers  to  see  early  signs  of 
the  economic  slowdown,  without  having  to 
get  technical  help  from  the  IT  department. 

Self-service  BI  appears  to  be  the  next  big 
wave  in  business  intelligence.  In  a  January 
2010  report,  Gartner  Inc.  pointed  to  growing 
demand  among  businesses  for  a  “data 
discovery  tool  architecture”  that  provides 
end  users  with  data  and  reports  and  enables 
them  to  navigate  and  visualize  data  in  a  “surf 
and  save”  mode.  This  means  that  data  views 
can  be  stored  for  reuse  or  sharing.  The  self- 
service  tools  bring  BI  information  to  nontechnical  users;  they  also 
benefit  high-level  analysts  who  need  ad  hoc  reports  right  away. 

At  Carmel,  Ind.-based  DSC,  which  provides  financing  for  about 
10,000  car  dealers,  each  vehicle  receives  a  separate  loan  with  its 
own  conditions  and  payback  schedule.  “That’s  a  lot  of  data,”  says 
Brady.  The  company  originally  used  a  basic  transaction-reporting 
system,  but  that  rapidly  became  inadequate  as  the  business  grew. 

End  users  inundated  IT  with  requests  for  more  data  and  different 
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We  needed  to  get  data  into  the 
hands  of  users  in  departments 
like  sales  .Trfnd  givelhem  tools  so 
they  could  analyze  data  themselves. 

SCOTT  BAKER,  MANAGER  OF  SAP  SYSTEMS, 

ORASURE  TECHNOLOGIES  INC. 

views.  The  more  technically  savvy  tried  to  do  their  own  analyses 
with  Excel  spreadsheets,  but  that  often  resulted  in  inconsistent  and 
inaccurate  data,  Brady  explains.  So  the  company  looked  for  a  BI 
system  that  would  put  as  much  querying  power  as  possible  in  the 
hands  of  end  users  via  Web-based  query  and  reporting  tools. 

In  addition  to  reducing  the  burden  on  IT  and  business  ana¬ 
lysts,  WebFocus  has  increased  the  quality  and  consistency  of  data 
—  and  has  thereby  improved  the  decisions  that  are  based  on  that 
data,  Brady  reports. 

When  the  recession  hit,  WebFocus’  self-service  module  proved 
its  worth  by  enabling  branch  managers  to  see  which  dealers  had 
inventory  that  was  aging  past  a  certain  point,  Brady  says.  This 
was  “a  key  indicator  —  a  very,  very  early  warning  sign,”  she  adds. 

Forewarned  of  the  slowdown  in  inventory  turnover,  DSC  was 
able  to  minimize  the  recession’s  impact.  It  tightened  its  lending 
standards  and  adjusted  financial  reserves.  It  also  offered  advice 
to  troubled  dealerships;  one  of  the  messages  was  “Stop  buying 
SUVs;  they  aren’t  selling,”  Brady  says. 

As  a  result,  “we  definitely  reduced  our  losses  from  bad  loans 
and  didn’t  start  to  see  a  negative  effect  until  the  very  end  of 
2008,”  about  six  months  later  than  competitors,  she  estimates. 

One  key  factor  driving  the  self-service  BI  market  is  the  rapidly 
growing  volume  and  complexity  of  data  needed  to  make  deci¬ 
sions.  In  today’s  volatile  and  cutthroat  global  business  environ¬ 
ment,  business  users  need  more  information  than  ever,  and  they 
need  it  faster  than  ever. 

Further,  the  recession  has  forced  companies  to  lay  off  or  stop 
hiring  IT  staffers  and  business  analysts, 
forcing  everyone  to  do  more  with  less,  says  Jim 
Kobielus,  an  analyst  at  Forrester  Research  Inc. 

As  a  result,  many  IT  staffs  face  growing 
backlogs  of  information  requests  from  in¬ 
creasingly  frustrated  end  users.  But  self- 
service  features  such  as  browser-based  inter¬ 
faces,  interactive  graphics,  drop-down  lists 
and  software  guides  can  help.  They  buffer 
less-technical  end  users  from  the  complexities 
of  the  underlying  data  infrastructure.  This 
frees  up  IT  professionals  from  having  to  spend 
“an  inordinate  amount  of  time”  responding  to 
requests  for  new  data,  new  views  or  updated 
report  formats,  Kobielus  says. 

Consider  the  case  of  OraSure  Technolo¬ 
gies  Inc.  Before  turning  to  self-service  BI,  the 
medical  device  maker’s  two-person  data  team 
couldn’t  keep  up  with  end  users’  information 


demands,  according  to  Scott  Baker,  Bethlehem,  Pa.-based  Ora- 
Sure’s  manager  of  SAP  systems.  “We  needed  to  get  data  into  the 
hands  of  users  in  departments  like  sales,  finance  and  budgeting, 
and  give  them  tools  so  they  could  analyze  data  themselves,”  he 
says.  “We  used  to  create  standard  reports,  and  people  were  always 
saying  they  needed  more  information  —  this  but  not  that.” 

End  users  at  OraSure  can  now  create  their  own  dashboards 
“on  the  fly,”  using  SAP  BusinessObjects’  self-service  system, 

Edge,  Baker  says.  And  BusinessObjects’  Explorer  module  “lets 
you  select  the  filters  and  data  you  want,  and  then  presents  it  to 
you  graphically,”  he  says.  End  users  can  also  create  reports  using 
SAP  Crystal  Reports  or  Microsoft  Excel. 

“BusinessObjects  is  good  at  buffering  users  from  the  techni¬ 
cal  layer,”  Baker  says.  For  example,  users  “don’t  see  [data]  field 
definitions  but  terms  they  work  with  in  their  jobs,  like  ‘quantity 
shipped.’  ” 

The  payback?  End  users  have  generated  more  than  160  reports 
themselves,  Baker  says.  “That’s  160  reports  the  IT  group  didn’t 
have  to  generate,”  he  adds. 

A  Broad  User  Base 

Self-service  BI  isn’t  just  for  the  “average”  end  user  with  limited 
technical  and  analytical  expertise,  says  Forrester  analyst  Boris 
Evelson.  Business  analysts  need  to  do  predictive  analytics,  multi¬ 
dimensional  querying  and  data  mining.  Knowledge  workers  and 
power  users  want  to  do  ad  hoc  querying  and  generate  their  own 
reports  and  views.  Self-service  BI  platforms  enable  them  to  do 
that  while  shielding  them  from  the  underlying  data  infrastruc¬ 
ture,  so  they  don’t  have  to  keep  asking  IT  for  help. 

Flexibility  was  key  at  IXI  Corp.,  a  unit  of  Atlanta-based  Equifax 
Inc.  that  provides  risk  and  performance  management  consulting 
services.  With  IXI’s  old  BI  system,  it  was  too  difficult  to  make  any 
changes  to  a  data  report,  says  Russ  Ayres,  the  company’s  senior 
vice  president  of  customer  insight.  Requests  for  changes  meant 
that  the  underlying  data  models  had  to  be  revised  and  then  ap¬ 
proved,  which  was  a  slow  process.  Hard-coded  data  structures 
weren’t  cutting  it  with  IXI’s  customers,  whose  data  needs  change 
on  a  daily  basis,  Ayres  explains. 

The  company  addressed  these  challenges  by  using  Tibco  Soft¬ 
ware  Inc.’s  Spotfire.  IXI  analysts  use  Spotfire  to  do  rapid  and  flex¬ 
ible  data  querying  across  multiple  data  sources, 
Ayres  says.  On  average,  creating  a  new  view 
takes  a  quarter  of  the  time  it  used  to,  he  adds, 
“so  we’re  about  four  times  as  productive.” 

Despite  their  enthusiasm  for  self-service  BI, 
IT  executives  acknowledge  that  easy-to-use  BI 
tools  can  be  dangerous  because  of  the  power 
they  put  in  the  hands  of  end  users. 

Data  governance,  security,  and  centralized 
monitoring  and  control  of  user  interactions 
are  critical  for  any  BI  system,  but  particularly 
for  self-service  setups  that  give  less-technical 
end  users  direct  access  to  the  corporate  data 
infrastructure. 

“Governance  is  where  we  [IT  professionals] 
come  in,”  says  IXI’s  Ayres.  “When  you  give 
someone  a  loaded  weapon,  they  can  always 
shoot  themselves.  Someone  could  do  a  broad 
search  across  a  5TB  database  and  bring  a 
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server  to  its  knees,  or  worse.  BI  doesn’t  stop  you  from  making  the 
wrong  choices;  it  just  helps  you  make  them  faster.” 

To  avoid  this  problem,  Ayres’  team  has  built  a  layer  between 
the  user  and  BI  tools,  “so  you  can  dance  around  the  playground, 
but  within  limits.”  For  example,  an  employee  might  be  allowed  to 
run  metrics  in  a  data  mart  at  some  levels  but  not  others,  and  he 
wouldn’t  be  allowed  to  summarize  across  different  levels. 

Most  of  the  major  BI  platforms  support  role-based  access  control, 
through  Microsoft  Active  Directory  or  any  other  LDAP-compliant 
global  directory.  Packages  offer  different  degrees  of  granularity:  For 
example,  a  system  might  be  set  up  so  that  a  particular  user  group 
can  access  only  a  subset  of  data,  or  even  just  specific  data  fields. 

SAP  BusinessObjects  provides  role-based  security  down  to  the 
record  level,  says  Baker.  For  example,  a  salesperson  might  see 
only  customers  in  his  territory,  or  a  budget  manager  would  see 
only  the  cost  centers  that  she’s  responsible  for,  while  a  sales  vice 
president  could  view  reports  from  anybody  who  reports  to  him. 

Breaking  Down  the  Walls 

The  new  frontier  for  self-service  BI  is  the  ability  to  enable  differ¬ 
ent  types  of  users  to  collaborate,  not  only  by  sharing  reports  and 
query  results,  but  also  by  working  together  to  define  new  ways  of 
viewing  and  analyzing  information. 

At  DSC,  the  IT  staff  regularly  meets  with  a  committee  of  end 
users,  Brady  says.  “Branch  managers  tell  us  their  best  practices,” 
which  are  then  incorporated  into  reports  and  views.  IT  then  uses 
WebFocus  to  replicate  the  best  practices  across  the  company. 


Self-service  BI  has  “cut  way  down  on  the  time  from  getting  an 
idea  to  building  a  report  that  incorporates  it,  and  having  it  show 
up  on  an  end  user’s  dashboard,”  Brady  says. 

At  OraSure,  the  SAP  team  participates  in  business  users’ 
forecast  meetings.  “We  talk  to  them  about  how  they’re  using 
information,  listen  in  on  discussions  of  what  they’re  finding,  then 
we  brainstorm:  If  you  had  this  additional  information,  would 
that  help  you  get  to  next  level?  We  work  with  end  users  to  figure 
out  how  to  get  the  best  information,”  Baker  says. 

OraSure  employees  collaborate  primarily  through  face-to-face 
meetings  and  e-mail.  However,  Baker  says  that  he  is  definitely 
interested  in  the  possibility  of  providing  more  dynamic  and 
ongoing  interactions  through  Web  2.0  tools  such  as  social  net¬ 
works,  wikis  and  blogs. 

So  are  a  lot  of  other  companies,  according  to  Forrester’s 
Kobielus.  Businesses  are  starting  to  use  collaborative  mashups 
to  enable  teams  of  users  to  develop  charts,  dashboards  or 
reports  online,  and  then  make  them  available  on  blogs,  wikis  or 
Facebook,  he  notes.  Vendors  currently  offering  such  capabilities 
include  Lyzasoft  Inc.,  Tableau  Software  Inc.  and  JackBe  Corp. 

With  proper  governance  and  security  controls  in  place,  imple- 
menters  say,  self-service  and  collaborative  BI  can  break  down  long¬ 
standing  barriers  among  different  departments  and  levels  within  an 
organization.  This  in  turn  promotes  faster  and  —  most  important 
—  more  effective  decision-making  throughout  the  company.  ♦ 
Horwitt,  a  freelance  reporter  and  former  Computerworld  senior  editor, 
is  based  in  Waban,  Mass.  Contact  her  at  ehorwitt@verizon.net. 


Jump  on  the 
Bandwagon 

. .  .  Self-service  tools  are  becoming  a  must-have 
for  successful  BI  vendors. 

Starting  in  2009.  small,  "visionary”  BI  compa¬ 
nies  like  Tibco  Software,  QlikTech  and  Tableau 
challenged  established  Bl  vendors  by  introduc¬ 
ing  “intuitive,  interactive  Bl  tools”  and  "strong, 
interactive  visualization  tools  for  analysis."  ac- 
cbrding  to  a.Gartner  report  released  last  year. 

The  big  players  have  fought  back  with  their 

own  self-service  products:  Microsoft's  Power- 

Pivot.  SAP's- BusinessObjects  Explorer.  IBM's 

•  ,  ,  Cognos  Express  and  Information  Builders'  Web- 

‘  .Focus  V'rsyprl  Discovery.  Pure-play  Bl  vendors 

■;  such  as  Targit.  MicroStrategy  and  SAS  institute 

also  have  self-service  offerings. 

t  However  prospective  enterprise  buyers 

:  •  should  be  aware  that  all  self-service  tools  are 

npt  created  equal.  One  of  the  key  differentiators 

isease  of  use.  according  to  Forrester  Research 
.  ’  *  •  \ 


analyst  Boris  Evelson.  While  most  Bl  vendors 
Claim  to  have  user-friendly  and  intuitive  ap¬ 
plications  and  tools,  "what’s  intuitive  to  a  Bl 
professional  is  not  necessarily  intuitive  to.  say.  a 
marketing  analyst."  he  points  out. 

End  users  with  limited  Bl  expertise  need  tools 
that  prompt  and  guide  them  through  basic  Bl 
tasks,  as  well  as  customizable  report  and  dash¬ 
board  templates,  he  adds. 

Other  key  features  include  Web  portals  for 
sharing  information  and  natural-language  inter¬ 
faces  for  queries  and  searches. 

Power  users  such  as  business  analysts,  on  the 
other  hand,  want  sophisticated  Bl  tools.  Such 
as  in-database  analytics,  that  give  them  the 
flexibility  to  drill  deep  down  into  databases  and 
create  their  own  views  and  queries  on  the  fly. 
but  without  having  to  deal  with  the  technicalities 
of  the  underlying  data  infrastructure  -  which 
would  require  IT  assistance. 

Cost  is  another  major  differentiator.  Compa¬ 
nies  that  already  have  a  leading  Bl  vendor's  plat¬ 
form  in  place  can  usually  add  a  self-service  front 
end  with  minimal  effort  and  cost,  according  to 
Forrester  analyst  Jim  Kobielus. 

Major  Bl  vendors  like  IBM  Cognos.  SAP  and 
Oracle  offer  entry-level  products  geared  to  com¬ 


panies  with  limited  budgets  an  1 1 
Microsoft’s  Bl  software  -  based  on  SQL  Sei 
er.  SharePoint  and  Office  -  is  another  low-cost 
option  for  small  and  midsize  compands. 

Some  large  organizations  are  turning  tc  opt  1- 
source  Bl  platforms  such  as  the  BEE  Pi 
Jaspersoft.  Pentaho  and  SpagoBl.  However, 
be  aware  that  '"Open  source  does  not  a 

pay  for."  Evelson  says.  Some  open-source  Bl 
products  should  be  labeled  "some  assembly  re¬ 
quired."  because  the  va 
fully  integrated,  he  says. 

Further,  some  open-source  suites  lack  fea- 

■ 

scalability  tools  like  load  balancing,  and  connec¬ 
tivity  to  popular  data  sources.  Evelson  adds. 

■ 

service  offerings  are  now  available  from  some  Bl 

vendors,  including  Tibco  (Silver  Spotfire).  PivotLink 

in  addition  to  cutting  capital  and  IT  staff  c  sts. 

SaaS  offerings  enable  a  business  to  easily  e<- 

- 

- 

El  S-  BE  T  H  i-  i R  '  ' 
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Trouble 

Ticket 


Vv  Bit  by  bit. 

//  the  risks  facing  the 
company  are  coming  into 
focus.  Many  of  them  involve 
access  to  the  network. 

\\  Lise 

f  r  every  possible  means 
to  track  down  uriaddressed 
threats,  then  prioritize  them 
and  set  them  right. 


Dangers  Under  the  Rocks 

A  security  manager  in  a  new  job  is  like  a  gardener  lifting 
rocks  and  finding  out  what  threats  lurk  beneath  them. 


I’M  STILL  getting  acquainted  with 
my  new  company.  As  a  security 
manager,  that  means  I’m  seeking 
out  all  the  risks  that  are  lurking  in 
various  functional  areas. 

There  are  many  ways  to  ascertain  risk: 
assessments,  audits,  penetration  testing, 
surveys,  document  reviews.  And  some¬ 
times  you  just  have  to  keep  your  ears 
open.  That  was  the  case  the  other  day, 
during  a  meeting  with  the  executive  vice 
president  for  human  resources.  We  were 
discussing  my  training  and  awareness 
program,  but  the  topic  of 
remote  access  came  up, 
which  led  her  to  mention 
that  she  had  a  temporary 
password  for  the  VPN. 

This  company  requires 
two-factor  authentication  for  remote 
access.  I’m  an  advocate  of  that,  and  I 
was  happy  to  see  it  in  place  here.  Now, 
though,  I  was  being  told  that  access 
was  possible  without  one  of  the  factors: 
the  token.  It  seems  that  when  the  HR 
executive  had  been  traveling  six  months 
earlier,  she  had  forgotten  to  take  her 
authentication-token  key  fob,  so  the  help 
desk  provided  her  with  a  temporary  pass¬ 
word  to  gain  access.  But  that  password  is 
still  enabled. 


Immediately  after  that  meeting,  I  sent 
an  e-mail  to  the  administrator  of  the 
two-factor  authentication  infrastruc¬ 
ture  asking  about  the  password  bypass 
option.  In  emergencies,  he  said,  users 
were  given  a  password.  OK,  then,  who 
has  this  bypass  enabled,  and  how  long 
has  it  been  provisioned  in  each  case?  The 
answers  were  startling.  This  bypass  was 
being  used  in  lieu  of  key  fobs  as  a  quick 
way  to  provide  remote  access  not  only  to 
forgetful  employees,  but  also  to  distribu¬ 
tors,  partners,  suppliers  and  contractors. 

And  some  accounts 
had  been  in  place  for 
more  than  a  year.  The 
existence  of  two-factor 
authentication  had 
given  me  a  sense  of 
security  that  was  entirely  misplaced. 

This  issue  with  the  VPN  spurred  me  to 
take  a  closer  look  at  our  VPN  configura¬ 
tion.  We  use  VPN  concentrators,  which 
can  be  tied  to  Microsoft  Active  Direc¬ 
tory,  and  that  in  turn  allows  us  to  set 
rules  that  limit  access  to  only  the  parts 
of  our  internal  infrastructure  that  any 
particular  user  needs.  The  result  of 
this  inquiry  wasn’t  just  startling;  it  was 
groan-inducing:  Everyone  has  the  same 
level  of  access.  That  includes  people  who 


no  longer  have  any  need  to  access  our 
network  at  all! 

Well,  then,  I  thought,  perhaps  it  would 
be  a  good  idea  to  audit  some  of  our  other 
account  management  processes.  Most 
IT  organizations  give  administrators 
privileged  accounts  that  let  them  handle 
functions  related  to  domain  account 
administration,  e-mail  management, 
backups  and  restores,  and  so  on.  In  a 
Microsoft  environment,  certain  policies 
can  be  applied  to  restrict  administrative 
access  to  only  the  required  privileged 
functions.  You  probably  know  where  I’m 
going  with  this.  The  good  news  was  that 
I  found  that  our  IT  admins  had  taken 
the  time  to  define  two  types  of  admin¬ 
istrative  accounts,  for  employees  and 
contractors.  The  bad  news:  Both  types 
are  given  the  same  amount  of  adminis¬ 
trative  access.  Of  our  80  IT  employees, 
about  30  have  administrator  accounts 
that  give  them  access  any  employee’s 
mailbox,  home  directories  and  sensitive 
data  repositories.  Luckily,  our  financial 
and  HR  applications,  with  their  salary 
data  and  other  personal  information,  are 
protected  with  other  access  controls,  but 
this  is  still  a  huge  risk.  I  wasn’t  merely 
groaning  now;  I  just  about  fell  over. 

As  the  security  manager,  I  am  like  a 
gardener  lifting  the  rocks  placed  among 
the  plants.  I  might  find  grubs  and  other 
threats  to  the  plants  under  some  of  them, 
but  I  have  to  put  the  rocks  back  and  pri¬ 
oritize  which  threats  to  deal  with  first. 

And  so,  as  time  goes  on,  I  will  adjust 
or  write  policies  and  processes  to  deal 
with  the  various  issues  that  I  have  uncov¬ 
ered.  And  I’ll  keep  lifting  those  rocks.  ♦ 
This  week’s  journal  is  written  by  a  real 
security  manager,  “Mathias  Thurman,” 
whose  name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  mathias_ 
thurman@yahoo.com. 


I A  a  bypass  around  two-factor  authentication  for  the 

I  VPN  was  supplied  not  only  to  forgetful  employees. 


the  discussions  about 
security!  computeiworld.com/ 
blogs/security 
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-  OPINION 

SJ.  ViUCHAN-NICHOLS 


Moving  Past  Passwords 


Who  can 
manage  to 
remember 
dozens  of 
IDs  and 
passwords 
for  dozens 
of  sites? 
No  one. 


Steven  J.  Vaughan- 
Nichols  has  been 
writing  about 
technology  and  the 
business  of  technology 
since  CP/M-80  was 
cutting-edge  and 
300bit/sec.  was  a  fast 
Internet  connection  - 
and  we  liked  it! 
He  can  be  reached  at 
sjvn@vnal.com. 


WITH  SO  MANY  WEB  SITES  demanding  passwords,  no  one,  but  no 
one,  can  really  be  expected  to  remember  all  the  ones  they  need. 

When  the  popular  Web  site  Gawker  was  hacked  recently, 
more  than  a  million  user  IDs  and  passwords  were  exposed.  If 


you  were  one  of  the  people  whose  account  was 
compromised,  that’s  annoying.  Not  that  it’s  a  big 
deal  that  someone  could  log  into  a  gossip  site 
under  your  name.  But  many  of  those  IDs  and  pass¬ 
words  were  reused  on  other  sites  that  are  a  wee  bit 
more  important.  Now,  that’s  a  problem. 

What  should  you  do  about  it?  I  could  tell  you 
that  you  need  to  use  different  passwords  for  dif¬ 
ferent  sites,  that  you  need  to  pick  passwords  other 
than  all-time  favorite  123456,  and  that  you  should 
change  your  passwords  every  month  for  every  site. 
I’m  not  going  to,  though.  It’s  all  good  advice,  mind 
you,  but  it’s  also  all  pretty  darn  useless. 

People  never  have,  and  never  will,  use  good 
security  practices.  After  more  than  30  years  of 
working  with  networks  and  security.  I’m  ready 
to  give  up  on  trying  to  get  the  general  public  to 
do  the  right  things  to  keep  themselves  safe.  In  a 
company,  it’s  a  different  matter.  It’s  a  pain,  but  if 
you  keep  at  it  and  enforce  the  rules,  eventually 
you’ll  get  most  of  the  people  to  do  the  right  things 
most  of  the  time.  But  people  at  home?  It’s  not 
going  to  happen. 

Besides,  there’s  another  issue  here.  At  work, 
people  need  to  recall,  at  most,  two  or  three  IDs 
and  passwords.  If  you  do  single  sign-on  right,  all 
they’ll  need  is  one.  On  the  public  Internet,  though, 
people  have  to  remember  their  IDs  and  passwords 
for  their  bank,  Facebook,  Twitter,  school,  Gmail, 
phone,  electric  utility,  40i(k),  Linkedln  and  Com- 
puterworld  accounts,  plus  countless  others. 

Who  can  manage  to  remember  dozens  of  IDs 
and  passwords  for  dozens  of  sites?  No  one. 

I  can’t  do  it,  and  I’m  blessed  with  a  good 
memory  for  random  alphanumeric  strings  —  you 
really  don’t  want  me  to  get  a  good  look  at  your 


credit  card.  If  I  can’t  do  it,  no  one  who  isn’t  blessed 
with  a  photographic  memory  can  do  it. 

What  I  do  is  keep  a  long  list  of  user  IDs  and 
passwords  in  my  head.  Some  of  them  I  use  only  on 
trivial  sites,  others  I  keep  only  for  important  sites, 
and  a  few  I  save  only  for  vital  sites  like  my  bank. 

Here’s  a  trick  that  is  security  heresy:  Make  a 
list  of  your  account  numbers,  IDs  and  passwords 
and  encrypt  it.  Use  real  passwords,  though.  No 
“123456”  or  “abcdef;”  no  “password”  or  the  name  of 
your  favorite  team.  Those  kinds  of  passwords  are 
so  easy  to  break,  they  barely  count  as  passwords. 

If  that  option  doesn’t  appeal  to  you,  I’ve  got 
another  one:  LastPass.  This  program  runs  on  all 
the  desktop  operating  systems  that  matter  and  the 
major  smartphone  operating  systems  as  well.  It 
will  automatically  capture  your  log-in  credentials 
and  then  enter  them  into  the  site  for  you  the  next 
time  you  visit.  So  go  ahead  and  use  JKii27Marvel- 
Fan4TossSaladed!  as  a  password.  You  won’t  have 
to  remember  it.  LastPass,  the  password  manager, 
will  do  it  for  you. 

While  I’d  rather  it  didn’t  store  these  passwords 
in  an  encrypted  form  on  the  Web,  LastPass’  ad¬ 
vantages  more  than  outweigh  its  disadvantages  in 
my  mind.  It  certainly  beats  having  your  one  real 
password  to  every  system  on  Earth  available  to 
anyone  who  hacks  into  any  site  you  visit. 

The  real  solution,  though,  is  to  find  something 
else  to  replace  user  IDs  and  passwords.  I  don’t 
know  what  that  will  be.  I  do  know  that  as  we 
spend  more  and  more  of  our  computing  time 
online  at  dozens  of  different  sites,  we  have  to 
come  up  with  a  better  answer  that  will  really  work 
for  people.  User  IDs  and  passwords  simply  don’t 
cut  it  anymore.  ♦ 
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MARKETPLACE 


Engine  for  Win  &  .NET 
Engine  for  Linux 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


Desktop  with  Spider 
Network  with  Spider 
Publish  (portable  media) 
Web  with  Spider 


Ask  about 
fully-functional 
evaluations! 


tSearcK 

Instantly  Search  Terabytes  of  Text 


Highlights  hits  in  a  wide  range  of  data,  using  dtSearch's 
own  file  parsers  and  converters 

•  Supports  MS  Office  through  2010  (Word,  Excel,  PowerPoint, 
Access),  OpenOffice,  ZIP,  HTML,  XML/XSL,  PDF  and  more 

•  Supports  Exchange,  Outlook,  Thunderbird  and  other 
popular  email  types,  including  nested  and  ZIP  attachments 

•  Spider  supports  static  and  dynamic  web  data  like  ASP.NET, 
MS  SharePoint,  CMS,  PHP,  etc. 

•  API  for  SQL-type  data,  including  BLOB  data 

25+  full-text  and  fielded  data  search  options 

•  Federated  searching 

•  Special  forensics  search  options 

•  Advanced  data  classification  objects 

APIs  for  C++,  Java  and  .NET  through  4.x 

•  Native  64-bit  and  32-bit  Win  /  Linux  APIs;  .NET  Spider  API 

•  Content  extraction  only  licenses  available 


With  dtSearch:  "Endless 
indexing  is  now  a  breeze" 
Computerworld 

"Impressive  searching 
power ...  handles  more 
than  a  terabyte  of  text  in 
a  single  index" 

Network  World 

"Lightning  fast ... 
performance  was 
unmatched  by  any  other 
product" 

Redmond  Magazine 


www.dtSearch.com  •  i-soo-it-finds 


For  hundreds  more 
reviews  and  developer 
case  studies,  see 
www.dtSearch.com 


Personalized  IT  newsletter 
from  Tech  Disper  ser. 

pick  the  topics.  You  pick  th  e  sources.  You  pick  the  frequ  ency. 

Build  your  own  newsletter  featuri  ig  your  favorite  tec  inology 
topics  -  clc  jd  computing,  application  development,  security  — 
over  2  0  timely  topics,  from  more  than  7  0  trusted  sources. 


It's  free. 

www.l  echdis  penser.com 


TECH  Q  DISPENSER 


■  ■ 1  Y  e.;-' 

Disturbingly  personal  newsletters.. 


I 


The  Benefits 
Landscape 

In  2010.  workers  at  smaller  copip.i'iY"  n  i 

when  it  came  to  retaining  their  level  of  health  benefit' 


Cut  benefits/ 
increased  cost  sharing 


SMALL  FIRMS 


30% 


Increased  workers' 
share  of  premiums 


22% 


SOURCE:  KAISER  FAMILY  FOUNDATION  SURVEY  OF  3.143  EMPLOYERS. 

04  2010.  SMALL  COMPANIES  ARE  DEFINED  AS  THOSE  WITH  THREE  TO  199 
EMPLOYEES.  AND  LARGE  COMPANIES  ARE  THOSE  WITH  200  OR  MORE. 


ASK  A  PREMIER  100  IT  LEADER 

Susan  G. 
Schade 

The  CIO  at  Brigham  and 
Women's  Hospital  in  Boston  answers 
questions  about  catching  a  hiring  manager’s 
eye,  mentor  relationships  and  more. 


What's  the  most  effective  way  to 
get  a  hiring  manager’s  attention? 

Include  a  cover  letter  with  clear  career 
objectives  and  a  summary  of  key  expe¬ 
rience,  skills  and  knowledge  that  you 
will  bring  to  the  position.  A  resume  that 
starts  by  summarizing  your  key  skills 
and  expertise  helps.  Make  your  bullet 
points  under  each  previous  position 
a  results-focused  statement.  A  hiring 
manager  may  be  looking  for  someone 
with  very  specialized  skills 
and  knowledge  or  some¬ 
one  who  can  be  more  of 
a  utility  player.  If  you  fall 
into  the  latter  category, 
a  broad  range  of  experi¬ 
ence  will  help,  but  it  is  still 
important  to  show  results. 
Unfortunately,  many  hiring 
managers  may  "slot"  you  depending  on 
your  experience.  I  try  to  route  resumes 
to  the  right  potential  hiring  managers 
and  HR  as  soon  as  I  receive  them. 

I  admire  one  of  my  departmental 
managers  a  great  deal.  Would  it  be 
appropriate  for  me  to  initiate  a  men¬ 
toring  relationship?  Absolutely,  if  that 
person  is  as  good  as  you  think,  he  or  she 
will  welcome  your  request,  it  is  important 


If  you  have  a  question 
for  one  of  our  Premier 
100  IT  Leaders,  send 
it  to  askaleaderif) 
computerworld.com, 
and  watch  for  this 
column  each  month. 


to  define  upfront  what  goals  you  want  to 
accomplish,  how  often  you  will  talk  and 
the  length  of  the  mentoring  relationship. 
When  you  reach  the  end  of  that  defined 
time  frame,  the  two  of  you  should  evalu¬ 
ate  how  it  went,  whether  your  goals  were 
met  and  if  an  extension  might  be  useful. 

After  being  laid  off  in  2008, 1  be¬ 
came  a  self-employed  consultant 
Recently,  my  work  led  to  a  job  of¬ 
fer,  and  I'm  tom.  I’ve 
grown  to  like  the  inde¬ 
pendence  I  now  have, 
but  it  can  be  nerve- 
wracking  between 
gigs.  My  husband 
wants  me  to  take  the 
job.  Any  insights?  This 
is  a  very  personal  deci¬ 
sion  for  you  and  your  family.  You  have 
to  know  who  you  are  and  what  kind  of 
environment  you  thrive  in.  Do  you  like 
being  a  part  of  a  team,  or  do  you  prefer 
to  work  with  a  lot  of  organizations?  Are 
you  looking  for  financial  stability,  or  can 
you  deal  with  the  uncertainty  between 
positions?  At  the  end  of  the  day,  you  and 
your  husband  need  to  agree  on  what 
you  need  in  terms  of  financial  security 
and  what  is  going  to  make  you  happy. 
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Employers  Loosening 
The  Purse  Strings 

In  a  recent  survey,  61%  of  hiring  managers  polled  said 
their  companies  would  increase  compensation  for  existing 
workers  in  2011,  up  from  57%  in  2010.  Furthermore, 
31%  said  they  would  offer  higher  initial  salaries  to  job 
candidates,  up  from  29%  in  2010. 


What  will  be  the  average  change 
in  salary  for  existing  employees 
at  your  location  in  2011? 


1%  increase:  5% 


2%  increase: 

18% 


Decrease:  3% 


No  increase: 

36% 


More  than  5%:  5% 
5%  increase:  5% 


What  will  be  the  average  change 
in  initial  salary  offers  at  your 
location  in  2011? 


1%  increase:  3% 


Decrease:  4% 


increase: 

65% 


>  4%  increase:  2% 
5%  increase:  4% 
More  than  5%:  4% 


SOURCE:  CAREERBUILOER  ONLINE  SURVEY  OF 
2.48 2  U.S.  HIRING  MANAGERS.  Q4  2010 


IT  careers 


Computer  Professionals  for  NJ 
based  IT  firm:  Software  Engrs, 
Programmers,  Business 
Analysts,  Business  Systems  &/ 
or  Network  Analysts,  Application 
Developers,  Project  leads,  IT 
Mgrs  needed.  Bach  or  Master 
deg.  in  Engg.,Comp. 
Sci, MIS, CIS, Sci, Math  or  Bus. 
Admin, Mngmt.Ecomcs.  with  or 
without  exp.  reqd.  depending  on 
the  level  of  position.  Multiple 
positions  available  at  junior  and 
senior  levels.  Apply  w/2  copies 
of  resume  to  JSMN 
International,  Inc.  591  Summit 
Ave,  Suite  #  522  Jersey  City  NJ 
07306. 


Computer  Professionals  for 
(Altamonte  Springs)  FL  based  IT 
firm, Sr.  Level  Position:  Sr.  S/w 
Eng,  Sr.  Programmer  Analyst  to 
convert  project  specifications  & 
statements  of  problems  &  pro¬ 
cedures  to  detailed  logical  flow 
charts  for  coding  into  computer 
language.  Develop  &  write  com¬ 
puter  programs  to  store  locate  & 
retrieve  specific  documents, 
data  &  information.  Apply  with  2 
copies  of  resume  to  H.R.D, 
Agitech  Solutions,  Inc.,  283 
Cranes  Roost  Blvd,  Suite  111, 
Altamonte  Springs,  FL,  32701 . 


Sybase,  an  SAP  Co.,  has 
openings  in  Dublin,  CA  for  Sr. 
Staff  SW  Eng  Dev.  (Job  code: 
CF33942).  Serve  as  sr.  tech 
consultant  to  biz  unit  &  apply 
adv  expertise  in  cross-platform 
SW  solution  tech.  Also  for  Staff 
SW  Eng  I  Dev.  (Job  code: 
MDB38214).  Design  &  imple¬ 
ment  performance  features  for 
RDBMS  products.  Refer  to  job 
code  &  send  resume  to 
Sybase,  1  Sybase  Dr,  Dublin, 
CA  94568.  Attn:  M.  Dris,  HR. 
EOE  employer. 


Database  Administrator 
Synerzy  Software  Solutions  Inc 
(Iselin,  NJ)  seeks  Database 
Administrators  to  develop,  mod¬ 
ify,  test,  &  maintain  database 
management  systems  utilizing 
specialized  knowledge  in  SSO 
Management  tools,  Sun 
Directory  Server,  Sun  Application 
Server,  IIS,  Apache, 
WebSphere,  WebLogic,  HTML, 
Shell,  Perl,  C,  C++,  Red  Hat 
Linux,  Windows.  Plan,  sched¬ 
ule,  install  and  test  new  data¬ 
bases  and  programs. 

Kindly  forward  the  resume  to 
mailto:dsp@synerzy.com  or 
naveed@synerzy.com  (HRD) 
Synergy  Software  Solutions,  Inc., 
1  Austin  Ave.,  Iselin,  NJ  08830. 
Contact  -  732-414-2021  /  2023 


Hewlett-Packard  Company  is 
accepting  resumes  for  the  fol¬ 
lowing  positions  in  Palo  Alto, 
CA:  Software  Designer  (Ref. 
#PALSWD11).  Design, 

develop,  maintain,  test,  and 
perform  quality  and  perform¬ 
ance  assurance  of  system  soft¬ 
ware  products.  IT  Developer/ 
Engineer  (Ref.  #PALITDE11). 
Research,  design,  develop, 
configure,  integrate,  test,  and 
maintain  existing  and  new  busi¬ 
ness  applications  and/or  infor¬ 
mation  systems  solutions 
including  databases  through 
integration  of  technical  and 
business  requirements.  Mail 
resume  to  Hewlett-Packard 
Company,  5400  Legacy  Drive, 
MS  H1-6E-28,  Plano,  TX 
75024.  Resume  must  include 
Ref.  #,  full  name,  email  address 
&  mailing  address.  No  phone 
calls  please.  Must  be  legally 
authorized  to  work  in  the  U.S. 
without  sponsorship.  EOE. 


Network  Managers  in 
Piscataway,  NJ  area. 
Supervise/Mentor  Jr.  engineers 
to  Implement/troubleshoot 
Routing,  Switching  &  IP 
Telephony  solutions  involving 
UCM,  UCME,  UC,  UCE, 
IPCCX,  VOIP  Gateway  / 
Gatekeepers  and  SBC  for 
enterprise  networks.  Administer 
Linux,  Windows  NT/00/03 
domain  w/  Exchange.  BS/equiv 
in  Comp  Sci,  Eng  or  rel.  w/5+ 
yrs  rel.  exp.  CCIE  Voice,  CCNP, 
&  CCVP  preferred.  Travel/reloc 
as  reqd.  Send  res.  to:  Subex 
Technologies,  Inc.  255  Old  New 
Brunswick  Rd.  Ste  S240, 
Piscataway,  NJ  08854 


Hewlett-Packard  State  &  Local 
Enterprise  Services,  Inc.  is 
accepting  resumes  for  the  posi¬ 
tion  of  SERVICES 
INFORMATION  DEVELOPER  in 
Columbus,  OH  (Ref. 
#SLCOLSID21);  and  Dublin,  OH 
(Ref.  #SLDUBSID21). 

Conceptualize,  design,  develop, 
unit-test,  configure,  &  implement 
portions  of  new  or  enhanced 
(upgrades  or  conversions)  busi¬ 
ness  &  technical  SW  solutions 
through  application  of  appropri¬ 
ate  standard  SW  devlpmt  life 
cycle  methodologies  &  proc¬ 
esses.  Mail  resume  to  Hewlett- 
Packard  State  &  Local  Enterprise 
Services,  Inc.,  5400  Legacy 
Drive,  MS  H1-6E-28,  Plano,  TX 
75024.  Resume  must  include 
Ref.  #,  full  name,  email  address 
&  mailing  address.  No  phone 
calls  please.  Must  be  legally 
authorized  to  work  in  the  U.S. 
without  sponsorship.  EOE. 


IT  Consultant  &  Project 
Manager  needed  at  unantici¬ 


pated  sites  w /  exp  using  C, 
C++,  CORBA,  Informix,  & 


Unix  or  .Net  Framework.  Mail 


resume  to:  Collabera,  Attn: 


Hireme,  25  Airport  Rd, 
Morristown,  NJ  07960 


IT  Professionals 

Patni  Americas,  Inc.,  an  estab¬ 
lished  and  expanding  IT  consult¬ 
ing  company  with  headquarters 
in  Cambridge,  MA  is  searching 
for  qualified  IT  Professionals 
(i.e.,  Software  Consultants, 
Software  Engineers, 

Programmer/Analysts,  Systems 
Analysts,  Database  Analysts,  QC 
Engineers,  Business  Analysts); 
Information  Systems  and  Project 
Managers;  Program  Managers; 
and  account/sales  managers  for 
its  growing  team.  Technical  posi¬ 
tions  require  a  Bachelor’s  degree 
in  computer  science,  engineering 
or  a  related  field  and/or  relevant 
industry  experience.  For  our 
Information  Systems  and 
Project/Program  Manager  posi¬ 
tions  we  prefer  a  MS  degree  in 
related  fields  such  as  computer 
science  or  engineering  and  rele¬ 
vant  industry  experience.  We  will 
consider  applicants  with  a  rele¬ 
vant  Bachelor's  degree  and  sig¬ 
nificant  industry  experience  for 
these  positions.  Our  account/ 
sales  manager,  engineer  and 
business  development  officer 
positions  involve  developing  and 
managing  business  development 
initiatives,  as  well  as  existing 
accounts  for  the  company. 
Qualified  applicants  will  have  a 
technical  and/or  business/mar¬ 
keting  degree  (MS  preferred) 
and  relevant  industry  expe¬ 
rience.  We  will  consider  can¬ 
didates  with  a  relevant 
Bachelor’s  degree  and/or  rele¬ 
vant  sales/BDM  experience. 
Positions  may  require  relocation 
to  various  client  sites  throughout 
the  United  States.  Qualified 
applicants  submit  resumes  to  HR 
Department  (Attn:  Mithilesh 
Sharma),  Patni  Americas,  Inc., 
One  Broadway,  15th  Floor, 
Cambridge,  MA  02142. 


Looking  for  a 
challenging 
IT  Career, 
shouldn't  be 
such  a 
challenge. 

Find  your  ideal  job  at 
www.ITCareers.com. 


IT 


careers 


QA  Project  Manager  needed 
w/  exp  using  Test  Director, 
Load  Runner,  PerfMon, 
NetMon,  Oracle,  JAVA,  HTML, 
XML  &  VB.  Mail  resume  to: 


BenchmarkQA,  Attn:  D. 
Dreblow,  7301  Ohms  Ln  #590, 
Minneapolis,  MN  55439. 


PINNACLE  SOLUTIONS 
WORLD  WIDE  is  looking  for  a 
Project  Manager  with  >2  year 
experience  in  Waterfall,  Agile- 
Scrum,  RUP,  QA,  Business 
Analysis,  Testing,  MS  Visio 
2003,  MS  Project  2003,  Actuate 
8  &  9,  Oracle,  and  SQL,  for 
New  York  and  Pennsylvania. 
Master's  degree  in  Comp  Sci., 
Comp  App.,  Eng'g.,  Bus. 
Admin.,  Math,  or  Info.  Sys.  + 
minimum  2yrs  exp.  req.  In  lieu 
of  Master's  degree  will  accept 
Bachelor’s  +  7  years  of  expe¬ 
rience  in  job.  Please  e-mail 
your  resume  to: 

jobs@pinnaclesolutions 
wortdwide.com  referencing  Job 
Code:  PrintAdCW 


Intec  Telecom  Systems  PLC, 
Atlanta,  GA,  positions  are  avail¬ 
able: 

Senior  Technical  Consultant- 
GA2066 

Submit  resume  to  Attn:  Kristy 
Williams,  Intec  Telecom 
Systems  PLC,  301  Perimeter 
Center  North,  Suite  200, 
Atlanta,  GA,  30346  U.S.A.  ref¬ 
erencing  appropriate  job  title 
and  requisition  number. 


Hewlett-Packard  Company  is 
accepting  resumes  for  an 
Electrical/Hardware  Engineer  in 
San  Diego,  CA.  (Ref. 
#SDEHW31).  Design,  develop, 
modify  and  evaluate  electronic 
parts,  components  or  integrated 
circuitry  for  electronic  equip¬ 
ment.  Mail  resume  to  Hewlett- 
Packard  Company, 5400  Legacy 
Drive,  MS  H1-6E-28,  Plano,  TX 
75024.  Resume  must  include 
Ref.  #SDEHW31,  full  name, 
email  address  &  mailing 
address.  No  phone  calls 
please.  Must  be  legally  author¬ 
ized  to  work  in  the  U.S.  without 
sponsorship.  EOE. 


HP  Enterprise  Services,  LLC  is 
accepting  resumes  for  the  follow¬ 
ing  positions:  Technology 

Consultant  in  Palo  Alto,  CA.  (Ref. 
#RESPALTC11).  Provide  technol¬ 
ogy  consulting  to  customers  and 
internal  project  teams.  Provide 
technical  support  and/or  lead¬ 
ership  in  creation  and  delivery  of 
technology  solutions  designed  to 
meet  customers’  business  needs 
and,  consequently,  for  under¬ 
standing  customers'  businesses. 
Extensive  travel  required  to  vari¬ 
ous  unanticipated  locations 
throughout  the  US.  Services 
Information  Developer  in 
Mountain  View,  CA  (Ref.  # 
ESMVSID11).  Conceptualize, 
design,  develop,  unit-test,  config¬ 
ure,  and  implement  portions  of 
new  or  enhanced  (upgrades  or 
conversions)  business  and  tech¬ 
nical  software  solutions  through 
application  of  appropriate  stan¬ 
dard  software  development  life 
cycle  methodologies  and  proc¬ 
esses.  Mail  resume  to  HP 
Enterprise  Services,  LLC,  5400 
Legacy  Drive,  MS  H1-6E-28, 
Plano,  TX  75024.  Resume  must 
include  Ref.  #,  full  name,  email 
address  &  mailing  address.  No 
phone  calls  please.  Must  be 
legally  authorized  to  work  in  the 
U.S.  without  sponsorship.  EOE. 
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Walls  -  and  Only  Walls 

Pilot  fish  gets  a  call  from  a  user  whose  desk  was  moved.  She  says  she  can’t  get  to 
her  network  files  or  the  Internet.  “I  checked  everything  -  network  card  light  was 
on,  network  speed  was  set  correctly,  user  had  correct  domain  and  log-in  creden¬ 
tials,"  says  fish.  “I  then  looked  to  see  where  the  network  cable  was  plugged  in 
and  followed  it  from  the  computer  to . . .  the  bottom  of  the  wall!  Seems  the  wall 
was  installed  the  night  before.  The  wall  guys  simply  moved  the  user’s  desk  to  its 


new  location  without  unplugging 
anything,  and  then  they  installed  a 
new  wall  -  right  over  the  network 
cable.  I  installed  a  temporary  cable 
that  snaked  around  the  floor  from 
the  computer  through  the  doorway 
and  over  to  the  network  jack.  Then 
l  put  in  an  order  for  a  network  jack 
to  be  installed  outside  the  wall  and 
close  to  the  desk.  Takeaway  lesson: 


Beware  the  wall  guys.  They  don’t  do 
cables:  they  only  install  walls!” 

One  Little  Problem 

Budget  slashing  and  radical  new 
money-saving  ideas  are  the  order 
of  the  day  at  this  school  district. 
Fortunately,  the  new  head  of  IT  has 
a  brainstorm.  “Everyone  in  the  IT  de¬ 
partment  carried  a  Nextel  phone  that 


»  Shark  Tank  can’t  run  by  itself. 

Send  your  true  tale  of  IT  life  to 
sharky@computerworld.com.  You'll 
score  a  sharp  Shark  shirt  if  l  use  it. 


HAL  MAYFORTH 


could  also  work  as  a  two-way  radio," 
says  a  pilot  fish  on  the  scene.  “The 
new  IT  boss  took  the  Nextels  and 
purchased  Apple  iPod  Touches  for 
everyone,  including  herself.  She  said 
we  could  use  Skype  to  communi¬ 
cate.  It  didn’t  work.  Now  we  could 
listen  to  music  and  surf  the  In¬ 
ternet  via  wireless  in  the  school 
buildings.  We  just  couldn’t  con¬ 
tact  each  other  unless  we  used 
our  personal  cell  phones." 


How  Hard 
Could  It  Be? 

This  rural  school  district  is 
so  cash-strapped  that  the 
board  decides  to  cut  the  job 
of  the  IT  director,  reports  a 
pilot  fish  in  the  know.  “The 
district  had  in  recent  years 
rolled  out  new  computers  to 
its  high  school,  middle  school 
and  some  elementary  schools,” 
says  fish.  “The  then-IT  director  was 
responsible  for  keeping  everything 
up  and  running."  When  that  position 
was  eliminated,  the  downsized  IT  di¬ 
rector  was  rehired  as  the  high  school 
librarian.  “Then  the  stuff  began  to  hit 
the  fan,”  fish  reports.  “With  no  single 
person  really  in  charge  of  IT,  every¬ 
one  did  their  own  thing,  and  the  local 
techies  providing  support  at  each 
school  became  overwhelmed.”  But 
when  funding  was  restored  for  the  IT 
director’s  position,  the  school  system 
decided  not  to  rehire  the  librarian  as 
the  head  of  IT.  Why?  The  mess  that 
arose  in  the  absence  of  an  IT  chief 
was  blamed  on  the  former  director 
-  for  failing  to  set  up  a  system  that 
could  run  by  itself. 


Q  CHECK  OUT  Sharky's  blog,  browse  the  Sharkives  and  sign  up  for  home  delivery  at  computerworld.com/sharky. 
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OPINION 


SCOT  FINNIC 

In  2011,  Clouds  Rolling  In 


Cloud  computing 
may  be  the  topic 
we  love  to  hate, 
but  it’s  also 
serious  business 
for  a  great  many 
IT  organizations 
this  year. 


Scot  Finnie  is 

Computerworld’s 
editor  in  chief. 
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him  at  sfinnie® 
computerworld.com 
and  follow  him  on 
Twitter  (@ScotFinnie). 


WHERE  DO  YOU  STAND  on  cloud  computing?  Where  does  your 

company  stand?  If  you  think  it’s  all  hype,  you  might  be  surprised 
to  learn  that  many  of  your  colleagues  are  giving  it  a  serious  look. 
Gartner’s  August  2010  “Hype  Cycle”  report  puts  cloud 


computing  just  over  the  “peak  of  inflated  expecta¬ 
tions,”  heading  for  the  “trough  of  disillusionment.” 
Maybe  that’s  right,  once  you  tack  on  the  four  to  five 
months  since  Gartner  published.  I  think  most  IT 
professionals  would  agree  that  cloud  has  received 
more  than  its  fair  share  of,  let’s  say,  attention. 

The  irony  is  that  even  while  many  people  are 
sick  of  hearing  about  cloud,  this  isn’t  a  one-way, 
vendor-driven  conversation.  In  fact,  a  few  big- 
name  vendors  took  early  stands  against  cloud 
but  now,  in  reaction  to  user  demand,  are  busily 
launching  cloud  offerings.  In  many  cases,  the 
C-suite  is  leading  the  internal  conversation  about 
the  cloud,  so  there’s  impetus  behind  it.  Many 
organizations  are  actively  planning  or  implement¬ 
ing  cloud  initiatives  this  year. 

Computerworld’s  November  2010  Cloud  Comput¬ 
ing  Survey  confirms  that.  It  was  surprising  to  me, 
for  example,  that  nearly  one-third  of  the  respondents 
said  they  expect  their  companies  to  fully  convert 
their  IT  operations  to  private  clouds  this  year. 

On  average,  16%  of  respondents’  2010  budgets 
were  allocated  to  cloud-based  initiatives.  Fifty-five 
percent  said  they  expect  20x1  cloud  allocations  to 
rise,  while  only  1%  projected  that  they  will  fall. 
Respondents  from  large  enterprises  said  they 
expect  to  spend  an  average  of  $2  million  on  cloud 
this  year.  Some  35%  named  infrastructure  as  a 
service  as  a  key  focus  of  their  cloud  investments, 
with  storage  as  a  service  and  SaaS  ranking  higher, 
at  43%  and  48%,  respectively. 

Sorry  to  spew  statistics  at  you,  but  they  clearly 
illustrate  my  point:  Cloud  computing  may  be  the 
topic  we  love  to  hate,  but  it’s  also  serious  business 
for  a  great  many  IT  organizations  this  year. 

Lack  of  personnel  is  another  potential  spur 


to  cloud  adoption.  By  offloading  management, 
support  and  other  time-consuming  chores  to  third 
parties,  senior  IT  leaders  may  hope  to  reallocate 
personnel  to  more  strategically  important  efforts. 
That  suggests  that  they  don’t  expect  head  counts  to 
return  to  2008  levels  anytime  soon.  In  other  words, 
a  lot  of  the  interest  in  cloud  computing  may  stem 
from  its  potential  to  boost  staff  productivity. 

The  promise  of  cost  savings  seems  to  be  another 
draw,  but  everything  I’ve  heard  suggests  that  the 
savings  might  be  overstated,  especially  early  on. 

Interest  in  cloud  is  rising  in  the  face  of  hype 
fatigue  and  suspicion  about  rosy  promises.  The 
trend  is  also  bucking  serious  user  reservations 
about  things  like  security,  data  replication/ 
duplication  and  data  silos,  which  were  the  three 
biggest  concerns  mentioned  by  respondents  to  the 
Computerworld  cloud  survey.  Plunging  in  when 
caution  is  advisable  is  a  pretty  rare  phenomenon 
in  the  world  of  IT.  We’re  wisely  risk-averse. 

Could  cloud  computing  be  a  rare  exception  to 
the  Gartner  “Hype  Cycle”  trend  line,  transitioning 
directly  from  hype  to  useful?  I  wouldn’t  expect 
that  from  a  service  technology  that’s  been  as 
overexposed  as  this  one.  Perhaps,  though,  cloud’s 
less-than-fresh  aspects  are  at  play  here.  There  have 
been  several  attempts  over  the  years  to  introduce 
cloudlike  services  under  other  names:  managed 
services,  hosted  apps,  utility  computing  and  so 
forth.  Maybe  we  just  needed  a  little  surplus  server 
capacity  and  a  deep  recession  to  make  it  catch  on. 

I’m  a  bit  surprised  that  a  cloud-building  boom 
seems  to  be  in  the  cards  this  year.  Combine  that 
with  server,  storage  and  network  virtualization, 
and  we’ll  see  data  centers  remake  themselves 
before  our  eyes.  It’s  happening  very  quickly.  ♦ 
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